National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,233 matching records.
Displaying matches 1481 through 1500.
Vuln ID Summary CVSS Severity
CVE-2020-2154

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-2153

Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-2152

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-2151

Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-2150

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-2149

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Published: March 09, 2020; 12:15:14 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-2148

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-2147

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-2146

Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2020-2145

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-2144

Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 7.1 HIGH
    V2: 5.5 MEDIUM
CVE-2020-2143

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-2142

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.0 MEDIUM
CVE-2020-2141

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-2140

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-2139

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Published: March 09, 2020; 12:15:13 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 8.5 HIGH
CVE-2020-2138

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Published: March 09, 2020; 12:15:12 PM -04:00
V3.1: 7.1 HIGH
    V2: 5.5 MEDIUM
CVE-2020-2137

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.

Published: March 09, 2020; 12:15:12 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2020-2136

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.

Published: March 09, 2020; 12:15:12 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-2135

Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.

Published: March 09, 2020; 12:15:12 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM