Vulnerabilities > Jenkins

DATE CVE VULNERABILITY TITLE RISK
2020-03-25 CVE-2020-2167 Improper Input Validation vulnerability in Jenkins Openshift Pipeline
Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-20
8.8
8.8
2020-03-25 CVE-2020-2166 Improper Input Validation vulnerability in Jenkins Pipeline: AWS Steps
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-20
8.8
8.8
2020-03-25 CVE-2020-2163 Cross-site Scripting vulnerability in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers.
network
low complexity
jenkins CWE-79
5.4
5.4
2020-03-25 CVE-2020-2162 Cross-site Scripting vulnerability in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability.
network
low complexity
jenkins CWE-79
5.4
5.4
2020-03-25 CVE-2020-2161 Cross-site Scripting vulnerability in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels.
network
low complexity
jenkins CWE-79
5.4
5.4
2020-03-25 CVE-2020-2160 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
network
low complexity
jenkins CWE-352
8.8
8.8
2020-03-09 CVE-2020-2159 OS Command Injection vulnerability in Jenkins Cryptomove
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.
network
low complexity
jenkins CWE-78
8.8
8.8
2020-03-09 CVE-2020-2158 Deserialization of Untrusted Data vulnerability in Jenkins Literate 0.1/0.2/1.0
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
network
low complexity
jenkins CWE-502
8.8
8.8
2020-03-09 CVE-2020-2157 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Skytap Cloud CI
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
network
low complexity
jenkins CWE-319
4.3
4.3
2020-03-09 CVE-2020-2156 Cleartext Transmission of Sensitive Information vulnerability in Jenkins Deployhub
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
network
low complexity
jenkins CWE-319
4.3
4.3