Vulnerabilities > Jenkins
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-2112 | Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. | 5.4 |
| 2020-02-12 | CVE-2020-2111 | Cross-site Scripting vulnerability in Jenkins Subversion Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-02-12 | CVE-2020-2110 | Improper Input Validation vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. | 8.8 |
| 2020-02-12 | CVE-2020-2109 | Improper Input Validation vulnerability in Jenkins Pipeline: Groovy Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | 8.8 |
| 2020-01-29 | CVE-2020-2108 | XXE vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | 7.6 |
| 2020-01-29 | CVE-2020-2107 | Insufficiently Protected Credentials vulnerability in Jenkins Fortify 19.1.28/19.1.29 Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
| 2020-01-29 | CVE-2020-2106 | Cross-site Scripting vulnerability in Jenkins Code Coverage API Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations. | 5.4 |
| 2020-01-29 | CVE-2020-2105 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Jenkins REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | 5.4 |
| 2020-01-29 | CVE-2020-2104 | Incorrect Authorization vulnerability in Jenkins Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | 4.3 |
| 2020-01-29 | CVE-2020-2103 | Information Exposure vulnerability in Jenkins Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. | 5.4 |