Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-03	CVE-2020-2321	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Shelve Project A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. network low complexity jenkins CWE-352	8.1
2020-12-03	CVE-2020-2320	Download of Code Without Integrity Check vulnerability in Jenkins Installation Manager Tool Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. network low complexity jenkins CWE-494 critical	9.8
2020-11-04	CVE-2020-2319	Insufficiently Protected Credentials vulnerability in Jenkins VMWare LAB Manager Slaves Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. network low complexity jenkins CWE-522	6.5
2020-11-04	CVE-2020-2318	Insufficiently Protected Credentials vulnerability in Jenkins Mail Commander 1.0.0 Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. network low complexity jenkins CWE-522	6.5
2020-11-04	CVE-2020-2317	Cross-site Scripting vulnerability in Jenkins Findbugs Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. network low complexity jenkins CWE-79	5.4
2020-11-04	CVE-2020-2316	Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. network low complexity jenkins CWE-79	5.4
2020-11-04	CVE-2020-2315	Unspecified vulnerability in Jenkins Visualworks Store Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins	6.5
2020-11-04	CVE-2020-2314	Insufficiently Protected Credentials vulnerability in Jenkins Appspider Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. local low complexity jenkins CWE-522	5.5
2020-11-04	CVE-2020-2313	Unspecified vulnerability in Jenkins Azure KEY Vault A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. network low complexity jenkins	4.3
2020-11-04	CVE-2020-2312	Unspecified vulnerability in Jenkins Sqlplus Script Runner Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. network low complexity jenkins	6.5

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins