jenkins

1,798 tracked vulnerabilities.

CVE-2020-2120 HIGH
Jenkins FitNesse Plugin < 1.30 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2119 MEDIUM
Jenkins Azure AD Plugin <= 1.1.2 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2118 MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Credential ID Enumeration via Form-Related Methods
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2117 MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Missing Permission Check
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2116 HIGH
Jenkins Pipeline GitHub Notify Step < 1.0.4 - Cross-Site Request Forgery
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2115 HIGH
Jenkins NUnit < 0.25 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2114 HIGH
Jenkins S3 Publisher Plugin <= 0.11.4 - Plaintext Credential Exposure in Global Configuration
Feb 12, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-2113 MEDIUM
Jenkins Git Parameter Plugin < 0.9.11 - Stored Cross-Site Scripting via Default Value
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2112 MEDIUM
Jenkins Git Parameter Plugin <= 0.9.11 - Stored Cross-Site Scripting in Parameter Name
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2111 MEDIUM
Jenkins Subversion Plugin < 2.13.0 - Stored Cross-Site Scripting in Project Repository Base URL Field
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2110 HIGH
Jenkins Script Security Plugin < 1.69 - Sandbox Bypass via AST Transforming Annotations
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2109 HIGH
Jenkins Pipeline < 2.78 - Sandbox Protection Bypass via Default Parameter Expressions
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2108 HIGH
Jenkins WebSphere Deployer Plugin < 1.6.1 - XML External Entity Injection via Job Configuration
Jan 29, 2020
CVSS 7.6
EPSS 0.01
CVE-2020-2107 MEDIUM
Jenkins Fortify Plugin < 19.1.29 - Insufficiently Protected Credentials in Job config.xml
Jan 29, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2106 MEDIUM
Jenkins Code Coverage API Plugin < 1.1.2 - Stored Cross-Site Scripting in Coverage Report Filename
Jan 29, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2105 MEDIUM
Jenkins < 2.204.1 and < 2.218 - Clickjacking via REST API Endpoints
Jan 29, 2020
CVSS 5.4
EPSS 0.02
CVE-2020-2104 MEDIUM
Jenkins < 2.204.1 and < 2.218 - Incorrect Authorization for JVM Memory Usage Chart
Jan 29, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2103 MEDIUM NUCLEI
Jenkins < 2.204.1, 2.205-2.218 - Exposure of Sensitive Information via whoAmI Diagnostic Page
Jan 29, 2020
CVSS 5.4
EPSS 0.07
CVE-2020-2102 MEDIUM
Jenkins < 2.204.1 and < 2.218 - Timing Attack via HMAC Validation
Jan 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2101 MEDIUM
Jenkins < 2.204.1 and < 2.218 - Timing Attack via Connection Secret Validation
Jan 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2100 MEDIUM
Jenkins < 2.204.1 and < 2.218 - Denial of Service via UDP Amplification Reflection
Jan 29, 2020
CVSS 5.8
EPSS 0.03
CVE-2020-2099 HIGH
Jenkins <2.213-<2.204.1 - Info Disclosure
Jan 29, 2020
CVSS 8.6
EPSS 0.01
CVE-2020-2098 HIGH
Jenkins Sounds Plugin < 0.5 - Cross-Site Request Forgery
Jan 15, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2097 HIGH
Jenkins Sounds Plugin < 0.5 - OS Command Execution via Form Validation URL
Jan 15, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2096 MEDIUM NUCLEI
Jenkins Gitlab Hook Plugin < 1.4.2 - Reflected Cross-Site Scripting via Build Now Endpoint
Jan 15, 2020
CVSS 6.1
EPSS 0.89