Filtered by vendor Jenkins
Total: 807 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-2103 | 1 Jenkins | 1 Jenkins | 2020-03-17 | 4.0 MEDIUM | 5.4 MEDIUM | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. |
| CVE-2020-2102 | 1 Jenkins | 1 Jenkins | 2020-03-17 | 3.5 LOW | 5.3 MEDIUM | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. |
| CVE-2020-2101 | 1 Jenkins | 1 Jenkins | 2020-03-17 | 3.5 LOW | 5.3 MEDIUM | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. |
| CVE-2020-2153 | 1 Jenkins | 1 Backlog | 2020-03-11 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2145 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2020-03-10 | 2.1 LOW | 5.5 MEDIUM | Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. |
| CVE-2020-2136 | 1 Jenkins | 1 Git | 2020-03-09 | 3.5 LOW | 5.4 MEDIUM | Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2148 | 1 Jenkins | 1 Mac | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2020-2147 | 1 Jenkins | 1 Mac | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. |
| CVE-2020-2142 | 1 Jenkins | 1 P4 | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. |
| CVE-2020-2141 | 1 Jenkins | 1 P4 | 2020-03-09 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add labels in Perforce. |
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2020-03-09 | 8.5 HIGH | 6.5 MEDIUM | An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. |
| CVE-2020-2137 | 1 Jenkins | 1 Timestamper | 2020-03-09 | 3.5 LOW | 4.8 MEDIUM | Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. |
| CVE-2020-2154 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2020-03-09 | 2.1 LOW | 5.5 MEDIUM | Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. |
| CVE-2020-2140 | 1 Jenkins | 1 Audit Trail | 2020-03-09 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2155 | 1 Jenkins | 1 Openshift Deployer | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2156 | 1 Jenkins | 1 Deployhub | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2151 | 1 Jenkins | 1 Quality Gates | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2150 | 1 Jenkins | 1 Sonar Quality Gates | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2149 | 1 Jenkins | 1 Repository Connector | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2157 | 1 Jenkins | 1 Skytap Cloud Ci | 2020-03-09 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2143 | 1 Jenkins | 1 Logstash | 2020-03-09 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2152 | 1 Jenkins | 1 Subversion Release Manager | 2020-03-09 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2122 | 1 Jenkins | 1 Brakeman | 2020-02-14 | 3.5 LOW | 5.4 MEDIUM | Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data. |
| CVE-2020-2119 | 1 Jenkins | 1 Azure Ad | 2020-02-14 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2113 | 1 Jenkins | 1 Git Parameter | 2020-02-14 | 3.5 LOW | 5.4 MEDIUM | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. |
| CVE-2020-2112 | 1 Jenkins | 1 Git Parameter | 2020-02-14 | 3.5 LOW | 5.4 MEDIUM | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. |
| CVE-2020-2129 | 1 Jenkins | 1 Eagle Tester | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |
| CVE-2020-2111 | 1 Jenkins | 1 Subversion | 2020-02-14 | 3.5 LOW | 5.4 MEDIUM | Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2130 | 1 Jenkins | 1 Harvest Scm | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |
| CVE-2020-2131 | 1 Jenkins | 1 Harvest Scm | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2132 | 1 Jenkins | 1 Parasoft Environment Manager | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2133 | 1 Jenkins | 1 Applatix | 2020-02-14 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2127 | 1 Jenkins | 1 Bmc Release Package And Deployment | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
| CVE-2020-2128 | 1 Jenkins | 1 Ecx Copy Data Management | 2020-02-14 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2125 | 1 Jenkins | 1 Debian Package Builder | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system. |
| CVE-2020-2126 | 1 Jenkins | 1 Digitalocean | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system. |
| CVE-2020-2124 | 1 Jenkins | 1 Dynamic Extended Choice Parameter | 2020-02-13 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2107 | 1 Jenkins | 1 Fortify | 2020-01-30 | 4.0 MEDIUM | 4.3 MEDIUM | Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2020-2106 | 1 Jenkins | 1 Code Coverage Api | 2020-01-30 | 3.5 LOW | 5.4 MEDIUM | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. |
| CVE-2020-2096 | 1 Jenkins | 1 Gitlab Hook | 2020-01-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. |
| CVE-2019-16557 | 1 Jenkins | 1 Redgate Sql Change Automation | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-16556 | 1 Jenkins | 1 Rundeck | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. |
| CVE-2019-16555 | 1 Jenkins | 1 Build Failure Analyzer | 2020-01-03 | 4.0 MEDIUM | 6.5 MEDIUM | A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process. |
| CVE-2019-16554 | 1 Jenkins | 1 Build Failure Analyzer | 2020-01-03 | 4.0 MEDIUM | 4.3 MEDIUM | A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression. |
| CVE-2019-16552 | 1 Jenkins | 1 Gerrit Trigger | 2020-01-03 | 5.5 MEDIUM | 5.4 MEDIUM | A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master. |
| CVE-2019-16559 | 1 Jenkins | 1 Websphere Deployer | 2020-01-03 | 5.5 MEDIUM | 5.4 MEDIUM | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. |
| CVE-2019-16569 | 1 Jenkins | 1 Mantis | 2019-12-31 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. |
| CVE-2019-16564 | 1 Jenkins | 1 Pipeline Aggregator View | 2019-12-18 | 3.5 LOW | 5.4 MEDIUM | Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escape information shown on its view, resulting in a stored XSS vulnerability exploitable by attackers able to affect view content such as job display name or pipeline stage names. |
| CVE-2019-16568 | 1 Jenkins | 1 Sctmexecutor | 2019-12-18 | 5.0 MEDIUM | 5.3 MEDIUM | Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. |
| CVE-2019-16572 | 1 Jenkins | 1 Weibo | 2019-12-18 | 2.1 LOW | 5.5 MEDIUM | Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. |
