Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-2270 | Cross-site Scripting vulnerability in Jenkins Clearcase Release 0.1/0.2/0.3 Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the composite baseline in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-09-16 | CVE-2020-2269 | Cross-site Scripting vulnerability in Jenkins Chosen-Views-Tabbar 1.0/1.1/1.2 Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views. | 5.4 |
| 2020-09-16 | CVE-2020-2267 | Missing Authorization vulnerability in Jenkins Mongodb A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | 4.3 |
| 2020-09-16 | CVE-2020-2266 | Cross-site Scripting vulnerability in Jenkins Description Column Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-09-16 | CVE-2020-2265 | Cross-site Scripting vulnerability in Jenkins Coverage/Complexity Scatter Plot Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 |
| 2020-09-16 | CVE-2020-2264 | Cross-site Scripting vulnerability in Jenkins Custom JOB Icon 0.1/0.2 Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-09-16 | CVE-2020-2263 | Cross-site Scripting vulnerability in Jenkins Radiator View Jenkins Radiator View Plugin 1.29 and earlier does not escape the full name of the jobs in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | 5.4 |
| 2020-09-16 | CVE-2020-2262 | Cross-site Scripting vulnerability in Jenkins Android Lint Jenkins Android Lint Plugin 2.6 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin's post-build step. | 5.4 |
| 2020-09-16 | CVE-2020-2260 | Missing Authorization vulnerability in Jenkins Perfecto A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | 4.3 |
| 2020-09-16 | CVE-2020-2259 | Cross-site Scripting vulnerability in Jenkins Computer Queue Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 |