Jenkins vulnerabilities rated Medium risk
DATE | CVE | TITLE | DESCRIPTION | RISK (CVSS base score) |
---|---|---|---|---|
2020-10-08 | CVE-2020-2290 | Stored cross-site scripting (XSS) in Jenkins Active Choices Plugin | Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored XSS vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
2020-10-08 | CVE-2020-2289 | Stored cross-site scripting (XSS) in Jenkins Active Choices Plugin | Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored XSS vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
2020-10-08 | CVE-2020-2288 | Audit log bypass via trailing URL suffix in Jenkins Audit Trail Plugin | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling, so the request is served but not logged. | 5.3 |
2020-10-08 | CVE-2020-2298 | XML external entity (XXE) vulnerability in Jenkins Nerrvana Plugin | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2020-10-08 | CVE-2020-2292 | Stored cross-site scripting (XSS) in Jenkins Release Plugin | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in the badge tooltip, resulting in a stored XSS vulnerability exploitable by attackers with Release/Release permission. | 5.4 |
2020-10-08 | CVE-2020-2287 | Audit log bypass via URL path representation mismatch in Jenkins Audit Trail Plugin | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging for any target URL. | 5.3 |
2020-09-23 | CVE-2020-2285 | Missing permission check (credentials ID enumeration) in Jenkins Liquibase Runner Plugin | A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins. | 4.3 |
2020-09-23 | CVE-2020-2283 | Stored cross-site scripting (XSS) in Jenkins Liquibase Runner Plugin | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored XSS vulnerability exploitable by users able to control changeset files evaluated by the plugin. | 5.4 |
2020-09-23 | CVE-2020-2282 | Missing permission check in Jenkins Implied Labels Plugin | Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | 4.3 |
2020-09-23 | CVE-2020-2281 | Cross-site request forgery (CSRF) in Jenkins Lockable Resources Plugin | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. | 5.4 |
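The two Audit Trail entries (CVE-2020-2287 and CVE-2020-2288) describe the same class of weakness: an audit filter decides what to log by running a regular expression over the request URL as it was received, while the framework that actually serves the request (Stapler) works on a decoded, segmented path and lets a handler ignore whatever follows its own segment. The following stand-alone Python model, added here as an illustration and not code from the Audit Trail Plugin or from Stapler, shows the shape of the bypass and the corrected check. The action names, the end-anchored pattern, the simplified dispatcher and the sample request URIs are all constructed for the example; the page does not give the plugin's real default pattern or the exact URLs used against it.

```python
import re
from urllib.parse import unquote, urlsplit

# Actions whose requests an audit filter wants to log (constructed list).
SENSITIVE_ACTIONS = {"doDelete", "configSubmit", "createItem"}

# Constructed pattern in the style of an end-anchored URL filter. It is NOT the
# Audit Trail Plugin's real default pattern; it only reproduces the shape of the
# weakness: it requires the sensitive action to be the last path segment and is
# applied to the raw request URI rather than to what the dispatcher sees.
NAIVE_PATTERN = re.compile(r".*/(?:doDelete|configSubmit|createItem)/?$")


def naive_should_log(request_uri: str) -> bool:
    """Weak check: regex over the raw request URI exactly as received."""
    return NAIVE_PATTERN.match(request_uri) is not None


def dispatched_action(request_uri: str):
    """Simplified model of a Stapler-style dispatcher (an assumption for this
    example, not Stapler's code): drop query and fragment, split the path into
    segments, strip per-segment matrix parameters (';k=v'), percent-decode, and
    hand the request to the first segment naming an action. Everything after that
    segment is 'rest of path' that the handler is free to ignore."""
    path = urlsplit(request_uri).path
    for raw_seg in path.split("/"):
        seg = unquote(raw_seg.split(";", 1)[0])
        if seg in SENSITIVE_ACTIONS:
            return seg
    return None


def hardened_should_log(request_uri: str) -> bool:
    """Fixed check: decide on the same representation the dispatcher uses, and
    do not require the action to be the final segment."""
    return dispatched_action(request_uri) is not None


# Constructed request URIs. The first is the plain form; the others append
# material the handler ignores or change the surface form of the path without
# changing which handler runs.
SAMPLE_REQUESTS = [
    "/job/app/doDelete",
    "/job/app/doDelete/ignored-suffix",   # trailing segment the handler ignores
    "/job/app/doDelete?x=1",              # query string kept in the raw URI
    "/job/app/doDelete;jsessionid=abc",   # matrix parameter on the segment
    "/job/app/%64oDelete",                # percent-encoded first letter
]


def compare(requests=SAMPLE_REQUESTS):
    """Per request: (uri, action that actually runs, naive logs?, hardened logs?)."""
    return [(r, dispatched_action(r), naive_should_log(r), hardened_should_log(r))
            for r in requests]


if __name__ == "__main__":
    for uri, action, naive, hardened in compare():
        print(f"{uri:36s} runs={action!s:10s} naive_logged={naive!s:6s} hardened_logged={hardened}")
```

Every sample request reaches the `doDelete` handler in the model, but only the first one is logged by the raw-URI regex; the four variants are served and leave no audit record. The fix is not a cleverer regex but a change of input: evaluate the logging decision against the decoded, segmented path the framework dispatches on (or, in a servlet container, against the path the dispatcher hands you rather than the raw request URI), and never make the audit decision depend on the action being the last segment.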