Vulnerabilities > Jenkins > Sounds

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2020-2098 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.
network
low complexity
jenkins CWE-352
8.8
2020-01-15 CVE-2020-2097 Incorrect Authorization vulnerability in Jenkins Sounds
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.
network
low complexity
jenkins CWE-863
8.8