Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-08	CVE-2020-2298	Unspecified vulnerability in Jenkins Nerrvana Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins	6.5
2020-10-08	CVE-2020-2297	Insufficiently Protected Credentials vulnerability in Jenkins SMS Notification 1.0.1/1.1/1.2 Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. local low complexity jenkins CWE-522	3.3
2020-10-08	CVE-2020-2292	Cross-site Scripting vulnerability in Jenkins Release Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. network low complexity jenkins CWE-79	5.4
2020-10-08	CVE-2020-2287	Unspecified vulnerability in Jenkins Audit Trail Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. network low complexity jenkins	5.3
2020-09-23	CVE-2020-2285	Missing Authorization vulnerability in Jenkins Liquibase Runner A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. network low complexity jenkins CWE-862	4.3
2020-09-23	CVE-2020-2284	XXE vulnerability in Jenkins Liquibase Runner Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	7.1
2020-09-23	CVE-2020-2283	Cross-site Scripting vulnerability in Jenkins Liquibase Runner Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. network low complexity jenkins CWE-79	5.4
2020-09-23	CVE-2020-2282	Missing Authorization vulnerability in Jenkins Implied Labels Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. network low complexity jenkins CWE-862	4.3
2020-09-23	CVE-2020-2281	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lockable Resources A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. network low complexity jenkins CWE-352	5.4
2020-09-23	CVE-2020-2280	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. network low complexity jenkins CWE-352	8.8

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins