Vulnerabilities > Jenkins > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-11-04 | CVE-2020-2302 | Missing Authorization vulnerability in Jenkins Active Directory | A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. | 4.3 |
2020-10-08 | CVE-2020-2296 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Shared Objects | A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects. | 4.3 |
2020-10-08 | CVE-2020-2293 | Unspecified vulnerability in Jenkins Persona | Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller. | 6.5 |
2020-10-08 | CVE-2020-2290 | Cross-site Scripting vulnerability in Jenkins Active Choices | Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
2020-10-08 | CVE-2020-2289 | Cross-site Scripting vulnerability in Jenkins Active Choices | Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
2020-10-08 | CVE-2020-2288 | Unspecified vulnerability in Jenkins Audit Trail | In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling. | 5.3 |
2020-10-08 | CVE-2020-2298 | Unspecified vulnerability in Jenkins Nerrvana | Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2020-10-08 | CVE-2020-2292 | Cross-site Scripting vulnerability in Jenkins Release | Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission. | 5.4 |
2020-10-08 | CVE-2020-2287 | Unspecified vulnerability in Jenkins Audit Trail | Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL. | 5.3 |
2020-09-23 | CVE-2020-2285 | Missing Authorization vulnerability in Jenkins Liquibase Runner | A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |