Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-2197 | Incorrect Default Permissions vulnerability in Jenkins Project Inheritance Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | 4.3 |
| 2020-06-03 | CVE-2020-2196 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Selenium Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8.0 |
| 2020-06-03 | CVE-2020-2195 | Cross-site Scripting vulnerability in Jenkins Compact Columns Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. | 5.4 |
| 2020-06-03 | CVE-2020-2194 | Cross-site Scripting vulnerability in Jenkins Echarts API Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-06-03 | CVE-2020-2193 | Cross-site Scripting vulnerability in Jenkins Echarts API Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-06-03 | CVE-2020-2192 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Self-Organizing Swarm Modules A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 6.5 |
| 2020-06-03 | CVE-2020-2191 | Incorrect Default Permissions vulnerability in Jenkins Self-Organizing Swarm Modules Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 4.3 |
| 2020-06-03 | CVE-2020-2190 | Cross-site Scripting vulnerability in Jenkins Script Security Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-05-06 | CVE-2020-2189 | Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1 Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-05-06 | CVE-2020-2188 | Incorrect Authorization vulnerability in Jenkins Amazon EC2 A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |