Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-01	CVE-2020-2243	Cross-site Scripting vulnerability in Jenkins Cadence Vmanager Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. network low complexity jenkins CWE-79	5.4
2020-09-01	CVE-2020-2242	Missing Authorization vulnerability in Jenkins Database A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. network low complexity jenkins CWE-862	6.5
2020-09-01	CVE-2020-2239	Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. network low complexity jenkins CWE-311	4.3
2020-09-01	CVE-2020-2238	Cross-site Scripting vulnerability in Jenkins GIT Parameter Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. network low complexity jenkins CWE-79	5.4
2020-08-12	CVE-2020-2237	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Flaky Test Handler A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. network low complexity jenkins CWE-352	4.3
2020-08-12	CVE-2020-2236	Cross-site Scripting vulnerability in Jenkins YET Another Build Visualizer Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. network low complexity jenkins CWE-79	5.4
2020-08-12	CVE-2020-2235	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. network low complexity jenkins CWE-352	6.5
2020-08-12	CVE-2020-2234	Missing Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2020-08-12	CVE-2020-2233	Incorrect Authorization vulnerability in Jenkins Pipeline Maven Integration A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. network low complexity jenkins CWE-863	6.5
2020-08-12	CVE-2020-2231	Cross-site Scripting vulnerability in Jenkins Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. network low complexity jenkins CWE-79	5.4