Vulnerabilities > Jenkins > MAC

DATE CVE VULNERABILITY TITLE RISK
2020-03-09 CVE-2020-2148 Incorrect Authorization vulnerability in Jenkins mac
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-863
4.3
2020-03-09 CVE-2020-2147 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins mac
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
2020-03-09 CVE-2020-2146 Improper Verification of Cryptographic Signature vulnerability in Jenkins mac
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
network
high complexity
jenkins CWE-347
7.4