National Vulnerability Database

National Vulnerability Database

NVD

Collaborative Vulnerability Metadata Acceptance Process
NVD Release of CVMAP
CVSS Version 3.1 Official Support!
CVSS Version 3.1 Official Support!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!
New NVD CVE/CPE API and Legacy SOAP Service Retirement!


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2019-1003031 - A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM.
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 9.9 CRITICAL
     V2.0: 6.5 MEDIUM

  • CVE-2019-1003032 - A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/... read CVE-2019-1003032
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 9.9 CRITICAL
     V2.0: 6.5 MEDIUM

  • CVE-2019-1003033 - A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins mast... read CVE-2019-1003033
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2019-1003034 - A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plug... read CVE-2019-1003034
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 9.9 CRITICAL
     V2.0: 6.5 MEDIUM

  • CVE-2019-1003035 - An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attack... read CVE-2019-1003035
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-1003036 - A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azur... read CVE-2019-1003036
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 4.3 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-1003037 - An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of cred... read CVE-2019-1003037
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-1003038 - An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repos... read CVE-2019-1003038
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 7.8 HIGH
     V2.0: 2.1 LOW

  • CVE-2019-1003039 - An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain... read CVE-2019-1003039
    Published: March 08, 2019; 4:29:00 PM -0500

    V3.1: 8.8 HIGH
     V2.0: 4.0 MEDIUM

  • CVE-2019-1003040 - A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
    Published: March 28, 2019; 2:29:00 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2019-1003041 - A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 and earlier allows attackers to invoke arbitrary constructors in sandboxed scripts.
    Published: March 28, 2019; 2:29:00 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2019-1003043 - A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, captur... read CVE-2019-1003043
    Published: March 28, 2019; 2:29:00 PM -0400

    V3.1: 7.5 HIGH
     V2.0: 3.5 LOW

  • CVE-2019-1003045 - A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's configuration.
    Published: March 28, 2019; 2:29:00 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2019-1003047 - A missing permission check in Jenkins Fortify on Demand Uploader Plugin 3.0.10 and earlier allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
    Published: March 28, 2019; 2:29:00 PM -0400

    V3.1: 6.5 MEDIUM
     V2.0: 4.0 MEDIUM

  • CVE-2020-25149 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php ex... read CVE-2020-25149
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-25148 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /i... read CVE-2020-25148
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-25147 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via usernam... read CVE-2020-25147
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 9.8 CRITICAL
     V2.0: 7.5 HIGH

  • CVE-2020-25146 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la... read CVE-2020-25146
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 6.1 MEDIUM
     V2.0: 4.3 MEDIUM

  • CVE-2020-25145 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php ex... read CVE-2020-25145
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM

  • CVE-2020-25144 - An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php ex... read CVE-2020-25144
    Published: September 25, 2020; 2:15:15 PM -0400

    V3.1: 8.8 HIGH
     V2.0: 6.5 MEDIUM