Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-12 | CVE-2020-2235 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2234 | Missing Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2233 | Incorrect Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2232 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Email Extension 2.72/2.73 Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | 7.5 |
| 2020-08-12 | CVE-2020-2231 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | 5.4 |
| 2020-08-12 | CVE-2020-2230 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | 5.4 |
| 2020-08-12 | CVE-2020-2229 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | 5.4 |
| 2020-07-15 | CVE-2020-2228 | Incorrect Authorization vulnerability in Jenkins Gitlab Authentication Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 |
| 2020-07-15 | CVE-2020-2227 | Cross-site Scripting vulnerability in Jenkins Deployer Framework 1.0/1.1/1.2 Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-07-15 | CVE-2020-2226 | Cross-site Scripting vulnerability in Jenkins Matrix Authorization Strategy Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | 5.4 |