Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-01 | CVE-2020-2239 | Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | 4.3 |
| 2020-09-01 | CVE-2020-2238 | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-08-12 | CVE-2020-2237 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Flaky Test Handler A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. | 4.3 |
| 2020-08-12 | CVE-2020-2236 | Cross-site Scripting vulnerability in Jenkins YET Another Build Visualizer Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. | 5.4 |
| 2020-08-12 | CVE-2020-2235 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2234 | Missing Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2233 | Incorrect Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 6.5 |
| 2020-08-12 | CVE-2020-2232 | Cleartext Transmission of Sensitive Information vulnerability in Jenkins Email Extension 2.72/2.73 Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | 7.5 |
| 2020-08-12 | CVE-2020-2231 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | 5.4 |
| 2020-08-12 | CVE-2020-2230 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | 5.4 |