Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-2245 | XXE vulnerability in Jenkins Valgrind Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-09-01 | CVE-2020-2244 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | 5.4 |
| 2020-09-01 | CVE-2020-2243 | Cross-site Scripting vulnerability in Jenkins Cadence Vmanager Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 |
| 2020-09-01 | CVE-2020-2242 | Missing Authorization vulnerability in Jenkins Database A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 6.5 |
| 2020-09-01 | CVE-2020-2241 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | 8.8 |
| 2020-09-01 | CVE-2020-2240 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | 8.8 |
| 2020-09-01 | CVE-2020-2239 | Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 4.3 |
| 2020-09-01 | CVE-2020-2238 | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-08-12 | CVE-2020-2237 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Flaky Test Handler A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | 4.3 |
| 2020-08-12 | CVE-2020-2236 | Cross-site Scripting vulnerability in Jenkins YET Another Build Visualizer Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | 5.4 |