Vulnerabilities > Jenkins > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2020-2098 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
| 2020-01-15 | CVE-2020-2097 | Incorrect Authorization vulnerability in Jenkins Sounds Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
| 2020-01-15 | CVE-2020-2093 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Health Advisor BY Cloudbees A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient. | 8.8 |
| 2020-01-15 | CVE-2020-2092 | XXE vulnerability in Jenkins Robot Framework Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | 8.8 |
| 2020-01-15 | CVE-2020-2091 | Missing Authorization vulnerability in Jenkins Amazon EC2 A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.1 |
| 2020-01-15 | CVE-2020-2090 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Amazon EC2 A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | 8.8 |
| 2019-12-17 | CVE-2019-16575 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Alauda Kubernetes Support A cross-site request forgery vulnerability in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. | 8.8 |
| 2019-12-17 | CVE-2019-16573 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Alauda Devops Pipeline A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |
| 2019-12-17 | CVE-2019-16570 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Rapiddeploy A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. | 8.8 |
| 2019-12-17 | CVE-2019-16565 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Concert A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 8.8 |