Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-2249 | Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 3.3 |
| 2020-09-01 | CVE-2020-2248 | Cross-site Scripting vulnerability in Jenkins Jsgames 0.1/0.2 Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. | 6.1 |
| 2020-09-01 | CVE-2020-2247 | XXE vulnerability in Jenkins Klocwork Analysis Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
| 2020-09-01 | CVE-2020-2246 | Cross-site Scripting vulnerability in Jenkins Valgrind Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents. | 5.4 |
| 2020-09-01 | CVE-2020-2245 | XXE vulnerability in Jenkins Valgrind Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-09-01 | CVE-2020-2244 | Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indications. | 5.4 |
| 2020-09-01 | CVE-2020-2243 | Cross-site Scripting vulnerability in Jenkins Cadence Vmanager Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | 5.4 |
| 2020-09-01 | CVE-2020-2242 | Missing Authorization vulnerability in Jenkins Database A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | 6.5 |
| 2020-09-01 | CVE-2020-2241 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | 8.8 |
| 2020-09-01 | CVE-2020-2240 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Database A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | 8.8 |