Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-2269 Cross-site Scripting vulnerability in Jenkins Chosen-Views-Tabbar 1.0/1.1/1.2
Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2268 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mongodb
A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.
Risk: network; low complexity; jenkins CWE-352; 8.8

2020-09-16 CVE-2020-2267 Missing Authorization vulnerability in Jenkins Mongodb
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
Risk: network; low complexity; jenkins CWE-862; 4.3

2020-09-16 CVE-2020-2266 Cross-site Scripting vulnerability in Jenkins Description Column
Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2265 Cross-site Scripting vulnerability in Jenkins Coverage/Complexity Scatter Plot
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2264 Cross-site Scripting vulnerability in Jenkins Custom JOB Icon 0.1/0.2
Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2263 Cross-site Scripting vulnerability in Jenkins Radiator View
Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2262 Cross-site Scripting vulnerability in Jenkins Android Lint
Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step.
Risk: network; low complexity; jenkins CWE-79; 5.4

2020-09-16 CVE-2020-2261 OS Command Injection vulnerability in Jenkins Perfecto
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.
Risk: network; low complexity; jenkins CWE-78; 8.8

2020-09-16 CVE-2020-2260 Missing Authorization vulnerability in Jenkins Perfecto
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
Risk: network; low complexity; jenkins CWE-862; 4.3