Filtered by vendor Jenkins
Subscribe
Total
1395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | |||||
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | |||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2020-09-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2249 | 1 Jenkins | 1 Team Foundation Server | 2020-09-04 | 2.1 LOW | 3.3 LOW |
| Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2020-09-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2020-09-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2020-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2020-09-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2019-1003095 | 1 Jenkins | 1 Perfecto Mobile | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003077 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003094 | 1 Jenkins | 1 Open Stf | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003089 | 1 Jenkins | 1 Upload To Pgyer | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003088 | 1 Jenkins | 1 Fabric Beta Publisher | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003075 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003074 | 1 Jenkins | 1 Hyper.sh Commons | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003073 | 1 Jenkins | 1 Vs Team Services Continuous Deployment | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003072 | 1 Jenkins | 1 Wildfly Deployer | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003071 | 1 Jenkins | 1 Octopusdeploy | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||