Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2020-2159 | OS Command Injection vulnerability in Jenkins Cryptomove Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. | 8.8 |
| 2020-03-09 | CVE-2020-2158 | Deserialization of Untrusted Data vulnerability in Jenkins Literate 0.1/0.2/1.0 Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-03-09 | CVE-2020-2146 | Improper Verification of Cryptographic Signature vulnerability in Jenkins mac Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 7.4 |
| 2020-03-09 | CVE-2020-2144 | XXE vulnerability in Jenkins Rundeck Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2020-2138 | XXE vulnerability in Jenkins Cobertura Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
| 2020-03-09 | CVE-2020-2135 | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | 8.8 |
| 2020-03-09 | CVE-2020-2134 | Incorrect Authorization vulnerability in Jenkins Script Security Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. | 8.8 |
| 2020-02-24 | CVE-2012-0785 | Resource Exhaustion vulnerability in multiple products Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack." | 7.5 |
| 2020-02-12 | CVE-2020-2123 | Deserialization of Untrusted Data vulnerability in Jenkins Radargun Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
| 2020-02-12 | CVE-2020-2121 | Unspecified vulnerability in Jenkins Google Kubernetes Engine Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |