Filtered by vendor Jenkins Subscriptions
Total 1651 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-2317 1 Jenkins 1 Findbugs 2024-11-21 5.4 Medium
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step.
CVE-2020-2316 1 Jenkins 1 Static Analysis Utilities 2024-11-21 5.4 Medium
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-2315 1 Jenkins 1 Visualworks Store 2024-11-21 6.5 Medium
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2314 1 Jenkins 1 Appspider 2024-11-21 5.5 Medium
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2020-2313 1 Jenkins 1 Azure Key Vault 2024-11-21 4.3 Medium
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2312 1 Jenkins 1 Sqlplus Script Runner 2024-11-21 6.5 Medium
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.
CVE-2020-2311 1 Jenkins 1 Aws Global Configuration 2024-11-21 4.3 Medium
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.
CVE-2020-2310 1 Jenkins 1 Ansible 2024-11-21 4.3 Medium
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2309 2 Jenkins, Redhat 2 Kubernetes, Openshift 2024-11-21 4.3 Medium
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2308 2 Jenkins, Redhat 2 Kubernetes, Openshift 2024-11-21 4.3 Medium
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
CVE-2020-2307 2 Jenkins, Redhat 2 Kubernetes, Openshift 2024-11-21 4.3 Medium
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
CVE-2020-2306 2 Jenkins, Redhat 2 Mercurial, Openshift 2024-11-21 4.3 Medium
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
CVE-2020-2305 2 Jenkins, Redhat 2 Mercurial, Openshift 2024-11-21 6.5 Medium
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2304 2 Jenkins, Redhat 2 Subversion, Openshift 2024-11-21 6.5 Medium
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2303 1 Jenkins 1 Active Directory 2024-11-21 4.3 Medium
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.
CVE-2020-2302 1 Jenkins 1 Active Directory 2024-11-21 4.3 Medium
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
CVE-2020-2301 1 Jenkins 1 Active Directory 2024-11-21 9.8 Critical
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
CVE-2020-2300 1 Jenkins 1 Active Directory 2024-11-21 9.8 Critical
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.
CVE-2020-2299 1 Jenkins 1 Active Directory 2024-11-21 9.8 Critical
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
CVE-2020-2298 1 Jenkins 1 Nerrvana 2024-11-21 6.5 Medium
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.