Filtered by vendor Jenkins
Total: 1647 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-2090 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | |||||
CVE-2020-2309 | 1 Jenkins | 1 Kubernetes | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2020-2307 | 1 Jenkins | 1 Kubernetes | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | |||||
CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | |||||
CVE-2021-21672 | 1 Jenkins | 1 Selenium Html Report | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2019-1003037 | 1 Jenkins | 1 Azure Vm Agents | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | |||||
CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2023-10-25 | 5.0 MEDIUM | 7.5 HIGH |
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2019-10342 | 1 Jenkins | 1 Docker | 2023-10-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | |||||
CVE-2020-2318 | 1 Jenkins | 1 Mail Commander | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | |||||
CVE-2019-1003069 | 1 Jenkins | 1 Aqua Security Scanner | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2019-10295 | 1 Jenkins | 1 Crittercism-dsym | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
CVE-2020-2305 | 1 Jenkins | 1 Mercurial | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
CVE-2019-10367 | 1 Jenkins | 1 Configuration As Code | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | |||||
CVE-2019-10431 | 1 Jenkins | 1 Script Security | 2023-10-25 | 6.5 MEDIUM | 9.9 CRITICAL |
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. | |||||
CVE-2019-1003099 | 1 Jenkins | 1 Openid | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
CVE-2019-1003055 | 1 Jenkins | 1 Ftp Publisher | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
CVE-2021-21614 | 1 Jenkins | 1 Bumblebee Hp Alm | 2023-10-25 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2019-10301 | 1 Jenkins | 1 Gitlab | 2023-10-25 | 4.0 MEDIUM | 8.8 HIGH |
A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |