Filtered by vendor Jenkins
Subscribe
Search
Total
1277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2259 | 1 Jenkins | 1 Computer Queue | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | |||||
| CVE-2020-2270 | 1 Jenkins | 1 Clearcase Release | 2020-09-16 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2017-2611 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2020-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. | |||||
| CVE-2020-2238 | 1 Jenkins | 1 Git Parameter | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2020-09-04 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | |||||
| CVE-2020-2243 | 1 Jenkins | 1 Cadence Vmanager | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | |||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 5.5 MEDIUM | 7.1 HIGH |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2244 | 1 Jenkins | 1 Build Failure Analyzer | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | |||||
| CVE-2020-2246 | 1 Jenkins | 1 Valgrind | 2020-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | |||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2020-09-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | |||||
| CVE-2020-2249 | 1 Jenkins | 1 Team Foundation Server | 2020-09-04 | 2.1 LOW | 3.3 LOW |
| Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2250 | 1 Jenkins | 1 Soapui Pro Functional Testing | 2020-09-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2020-2251 | 1 Jenkins | 2 Jenkins, Soapui Pro Functional Testing | 2020-09-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. | |||||
| CVE-2020-2248 | 1 Jenkins | 1 Jsgames | 2020-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2020-2239 | 1 Jenkins | 1 Parameterized Remote Trigger | 2020-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | |||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2020-09-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | |||||
| CVE-2019-1003095 | 1 Jenkins | 1 Perfecto Mobile | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003077 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003089 | 1 Jenkins | 1 Upload To Pgyer | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003088 | 1 Jenkins | 1 Fabric Beta Publisher | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003094 | 1 Jenkins | 1 Open Stf | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Open STF Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003075 | 1 Jenkins | 1 Audit To Database | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003074 | 1 Jenkins | 1 Hyper.sh Commons | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003073 | 1 Jenkins | 1 Vs Team Services Continuous Deployment | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins VS Team Services Continuous Deployment Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003072 | 1 Jenkins | 1 Wildfly Deployer | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins WildFly Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003071 | 1 Jenkins | 1 Octopusdeploy | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins OctopusDeploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003070 | 1 Jenkins | 1 Veracode-scanner | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003069 | 1 Jenkins | 1 Aqua Security Scanner | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003068 | 1 Jenkins | 1 Vmware Vrealize Automation | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins VMware vRealize Automation Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003067 | 1 Jenkins | 1 Trac Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003066 | 1 Jenkins | 1 Bugzilla | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003065 | 1 Jenkins | 1 Cloudshare Docker-machine | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003064 | 1 Jenkins | 1 Aws-device-farm | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003063 | 1 Jenkins | 1 Amazon Sns Build Notifier | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003062 | 1 Jenkins | 1 Aws Cloudwatch Logs Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003060 | 1 Jenkins | 1 Official Owasp Zap | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003061 | 1 Jenkins | 1 Jenkins-cloudformation-plugin | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003059 | 1 Jenkins | 1 Ftp Publisher | 2020-09-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing permission check in Jenkins FTP publisher Plugin in the FTPPublisher.DescriptorImpl#doLoginCheck method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-1003057 | 1 Jenkins | 1 Bitbucket Approve | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003056 | 1 Jenkins | 1 Websphere Deployer | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003055 | 1 Jenkins | 1 Ftp Publisher | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003054 | 1 Jenkins | 1 Jira Issue Updater | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003053 | 1 Jenkins | 1 Hockeyapp | 2020-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | |||||
| CVE-2019-1003052 | 1 Jenkins | 1 Aws Elastic Beanstalk Publisher | 2020-08-31 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-1003051 | 1 Jenkins | 1 Irc | 2020-08-31 | 4.0 MEDIUM | 8.8 HIGH |
| Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2017-1000388 | 1 Jenkins | 1 Dependency Graph Viewer | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | |||||
| CVE-2017-1000390 | 1 Jenkins | 1 Multijob | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build. | |||||
| CVE-2017-1000086 | 1 Jenkins | 1 Periodic Backup | 2020-08-24 | 6.0 MEDIUM | 8.0 HIGH |
| The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | |||||
| CVE-2017-1000400 | 1 Jenkins | 1 Jenkins | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to. | |||||
| CVE-2017-1000243 | 1 Jenkins | 1 Favorite Plugin | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user's favorites | |||||