Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-15	CVE-2020-2096	Cross-site Scripting vulnerability in Jenkins Gitlab Hook Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. network low complexity jenkins CWE-79	6.1
2020-01-15	CVE-2020-2095	Insufficiently Protected Credentials vulnerability in Jenkins Redgate SQL Change Automation Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system. network low complexity jenkins CWE-522	4.3
2020-01-15	CVE-2020-2094	Missing Authorization vulnerability in Jenkins Health Advisor BY Cloudbees A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. network low complexity jenkins CWE-862	4.3
2019-12-17	CVE-2019-16576	Missing Authorization vulnerability in Jenkins Alauda Kubernetes Support A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2019-12-17	CVE-2019-16574	Missing Authorization vulnerability in Jenkins Alauda Devops Pipeline A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. network low complexity jenkins CWE-862	6.5
2019-12-17	CVE-2019-16572	Insufficiently Protected Credentials vulnerability in Jenkins Weibo 1.0.1 Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. local low complexity jenkins CWE-522	5.5
2019-12-17	CVE-2019-16571	Missing Authorization vulnerability in Jenkins Rapiddeploy A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. network low complexity jenkins CWE-862	4.3
2019-12-17	CVE-2019-16569	Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mantis A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0.26 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials. network low complexity jenkins CWE-352	4.3
2019-12-17	CVE-2019-16568	Cleartext Transmission of Sensitive Information vulnerability in Jenkins Sctmexecutor Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations. network low complexity jenkins CWE-319	5.3
2019-12-17	CVE-2019-16567	Missing Authorization vulnerability in Jenkins Team Concert A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. network low complexity jenkins CWE-862	4.3