High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-17	CVE-2019-16565	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Team Concert A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	8.8
2019-12-17	CVE-2019-16561	Improper Certificate Validation vulnerability in Jenkins Websphere Deployer Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. network low complexity jenkins CWE-295	7.1
2019-12-17	CVE-2019-16560	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Websphere Deployer A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. network low complexity jenkins CWE-352	8.8
2019-12-17	CVE-2019-16558	Improper Certificate Validation vulnerability in Jenkins Spira Importer 3.2.2/3.2.3 Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. network low complexity jenkins CWE-295	8.2
2019-12-17	CVE-2019-16553	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer A cross-site request forgery vulnerability in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers to have Jenkins evaluate a computationally expensive regular expression. network low complexity jenkins CWE-352	8.8
2019-12-17	CVE-2019-16551	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gerrit Trigger A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials. network low complexity jenkins CWE-352	8.8
2019-12-17	CVE-2019-16550	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Maven 0.14.0/0.16.1 A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents. network low complexity jenkins CWE-352	8.8
2019-12-17	CVE-2019-16549	XXE vulnerability in Jenkins Maven 0.14.0/0.16.1 Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks, allowing man-in-the-middle attackers to have Jenkins parse crafted XML documents. network high complexity jenkins CWE-611	8.1
2019-11-21	CVE-2019-16548	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Google Compute Engine A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineCloud#doProvision could be used to provision new agents. network low complexity jenkins CWE-352	8.8
2019-11-21	CVE-2019-16538	Incorrect Authorization vulnerability in Jenkins Script Security A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 and earlier related to the handling of default parameter expressions in closures allowed attackers to execute arbitrary code in sandboxed scripts. network low complexity jenkins CWE-863	8.8