Vulnerabilities > Jenkins > Sounds > 0.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-15 | CVE-2020-2098 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Sounds A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |
| 2020-01-15 | CVE-2020-2097 | Incorrect Authorization vulnerability in Jenkins Sounds Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins. | 8.8 |