Vulnerabilities > Jenkins

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-23	CVE-2020-2285	Missing Authorization vulnerability in Jenkins Liquibase Runner A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. network low complexity jenkins CWE-862	4.3
2020-09-23	CVE-2020-2284	XXE vulnerability in Jenkins Liquibase Runner Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. network low complexity jenkins CWE-611	7.1
2020-09-23	CVE-2020-2283	Cross-site Scripting vulnerability in Jenkins Liquibase Runner Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin. network low complexity jenkins CWE-79	5.4
2020-09-23	CVE-2020-2282	Missing Authorization vulnerability in Jenkins Implied Labels Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. network low complexity jenkins CWE-862	4.3
2020-09-23	CVE-2020-2281	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Lockable Resources A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. network low complexity jenkins CWE-352	5.4
2020-09-23	CVE-2020-2280	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Warnings A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. network low complexity jenkins CWE-352	8.8
2020-09-23	CVE-2020-2279	Unspecified vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM. network low complexity jenkins critical	9.9
2020-09-16	CVE-2020-2278	Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. network low complexity jenkins CWE-22	6.5
2020-09-16	CVE-2020-2277	Path Traversal vulnerability in Jenkins Storable Configs 1.0 Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. network low complexity jenkins CWE-22	6.5
2020-09-16	CVE-2020-2276	OS Command Injection vulnerability in Jenkins Selection Tasks 1.0 Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. network low complexity jenkins CWE-78	8.8

Vulnerabilities > Jenkins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Jenkins"}]}

Vulnerabilities > Jenkins