Filtered by vendor Jenkins
Subscribe
Total
1603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10472 | 1 Jenkins | 1 Libvirt Slaves | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Libvirt Slaves Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | |||||
| CVE-2020-2136 | 1 Jenkins | 1 Git | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2019-10418 | 1 Jenkins | 1 Kubernetes Pipeline | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection. | |||||
| CVE-2019-16542 | 1 Jenkins | 1 Anchore Container Image Scanner | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2115 | 1 Jenkins | 1 Nunit | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2019-16562 | 1 Jenkins | 1 Buildgraph-view | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions. | |||||
| CVE-2019-16563 | 1 Jenkins | 1 Mission Control | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job display names and build names shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to change these properties. | |||||
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-10464 | 1 Jenkins | 1 Deploy Weblogic | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. | |||||
| CVE-2019-16569 | 1 Jenkins | 1 Mantis | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. | |||||
| CVE-2019-16564 | 1 Jenkins | 1 Pipeline Aggregator View | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affects view content such as job display name or pipeline stage names. | |||||
| CVE-2019-16576 | 1 Jenkins | 1 Alauda Kubernetes Support | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | |||||
| CVE-2019-10411 | 1 Jenkins | 1 Inedo Buildmaster | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. | |||||
| CVE-2020-2135 | 1 Jenkins | 1 Script Security | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | |||||
| CVE-2019-10452 | 1 Jenkins | 1 View26 Test-reporting | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2020-2126 | 1 Jenkins | 1 Digitalocean | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. | |||||
| CVE-2019-16538 | 1 Jenkins | 1 Script Security | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. | |||||