Vulnerabilities > Jenkins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-04 | CVE-2020-2317 | Cross-site Scripting vulnerability in Jenkins Findbugs: Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin's post build step. | 5.4 |
2020-11-04 | CVE-2020-2316 | Cross-site Scripting vulnerability in Jenkins Static Analysis Utilities: Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
2020-11-04 | CVE-2020-2315 | Unspecified vulnerability in Jenkins Visualworks Store: Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2020-11-04 | CVE-2020-2314 | Insufficiently Protected Credentials vulnerability in Jenkins Appspider: Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 5.5 |
2020-11-04 | CVE-2020-2313 | Unspecified vulnerability in Jenkins Azure KEY Vault: A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2020-11-04 | CVE-2020-2312 | Unspecified vulnerability in Jenkins Sqlplus Script Runner: Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs. | 6.5 |
2020-11-04 | CVE-2020-2311 | Unspecified vulnerability in Jenkins AWS Global Configuration: A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration. | 4.3 |
2020-11-04 | CVE-2020-2310 | Unspecified vulnerability in Jenkins Ansible: Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2020-11-04 | CVE-2020-2309 | Unspecified vulnerability in Jenkins Kubernetes: A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2020-11-04 | CVE-2020-2308 | Unspecified vulnerability in Jenkins Kubernetes: A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | 4.3 |