Vulnerabilities > Jenkins > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-03 | CVE-2020-2193 | Cross-site Scripting vulnerability in Jenkins Echarts API Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-06-03 | CVE-2020-2192 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Self-Organizing Swarm Modules A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels. | 6.5 |
| 2020-06-03 | CVE-2020-2191 | Incorrect Default Permissions vulnerability in Jenkins Self-Organizing Swarm Modules Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | 4.3 |
| 2020-06-03 | CVE-2020-2190 | Cross-site Scripting vulnerability in Jenkins Script Security Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
| 2020-05-06 | CVE-2020-2188 | Incorrect Authorization vulnerability in Jenkins Amazon EC2 A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | 4.3 |
| 2020-05-06 | CVE-2020-2187 | Improper Certificate Validation vulnerability in Jenkins Amazon EC2 Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | 5.6 |
| 2020-05-06 | CVE-2020-2186 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Amazon EC2 A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. | 4.3 |
| 2020-05-06 | CVE-2020-2185 | Unspecified vulnerability in Jenkins Amazon EC2 Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | 5.6 |
| 2020-05-06 | CVE-2020-2184 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Current Versions Systems A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. | 4.3 |
| 2020-05-06 | CVE-2020-2183 | Incorrect Default Permissions vulnerability in Jenkins Copy Artifact Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | 6.5 |