Filtered by vendor Jenkins
Total: 1647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2304 | 1 Jenkins | 1 Subversion | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2019-10451 | 1 Jenkins | 1 Soasta Cloudtest | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-1003040 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2023-10-25 | 7.5 HIGH | 9.8 CRITICAL |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts. | |||||
CVE-2020-2311 | 1 Jenkins | 1 Aws Global Configuration | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. | |||||
CVE-2019-10283 | 1 Jenkins | 1 Mabl | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10347 | 1 Jenkins | 1 Mashup Portlets | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2020-2214 | 1 Jenkins | 1 Zap Pipeline | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2020-2186 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | |||||
CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-10356 | 2 Jenkins, Redhat | 2 Script Security, Openshift Container Platform | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 and earlier related to the handling of method pointer expressions allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
CVE-2019-10389 | 1 Jenkins | 1 Relution Enterprise Appstore Publisher | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server. | |||||
CVE-2020-2224 | 1 Jenkins | 1 Matrix Project | 2023-10-25 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | |||||
CVE-2019-10428 | 1 Jenkins | 1 Aqua Security Scanner | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
CVE-2020-2172 | 1 Jenkins | 1 Code Coverage Api | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2019-16574 | 1 Jenkins | 1 Alauda Devops Pipeline | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
CVE-2021-21615 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 3.5 LOW | 5.3 MEDIUM |
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. | |||||
CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2023-10-25 | 5.5 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | |||||
CVE-2019-1003097 | 1 Jenkins | 1 Crowd Integration | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |