Vulnerabilities > Jenkins > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-03 | CVE-2020-2200 | OS Command Injection vulnerability in Jenkins Play Framework. Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | 8.8 |
2020-06-03 | CVE-2020-2196 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Selenium. Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8.0 |
2020-05-06 | CVE-2020-2189 | Deserialization of Untrusted Data vulnerability in Jenkins Source Code Management Filter Jervis 0.1/0.2/0.2.1. Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-16 | CVE-2020-2180 | Deserialization of Untrusted Data vulnerability in Jenkins Amazon Web Services Serverless Application Model 1.2.2. Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-16 | CVE-2020-2179 | Deserialization of Untrusted Data vulnerability in Jenkins Yaml Axis. Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-16 | CVE-2020-2178 | XXE vulnerability in Jenkins Parasoft Findings. Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-03-25 | CVE-2020-2171 | XXE vulnerability in Jenkins Rapiddeploy. Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 8.8 |
2020-03-25 | CVE-2020-2168 | Improper Input Validation vulnerability in Jenkins Azure Container Service. Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-03-25 | CVE-2020-2167 | Improper Input Validation vulnerability in Jenkins Openshift Pipeline. Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-03-25 | CVE-2020-2166 | Improper Input Validation vulnerability in Jenkins Pipeline: AWS Steps. Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |