org.jenkins-ci.plugins
1,035 tracked vulnerabilities.
CVE-2020-2150
MEDIUM
Jenkins Sonar Quality Gates Plugin < 1.3.1 - Cleartext Transmission of Sensitive Credentials
Mar 09, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2149
MEDIUM
Jenkins Repository Connector Plugin < 1.2.6 - Cleartext Transmission of Sensitive Credentials
Mar 09, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2145
MEDIUM
Jenkins Zephyr Enterprise Test Management Plugin < 1.9.1 - Insufficiently Protected Credentials
Mar 09, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-2144
HIGH
Jenkins Rundeck Plugin < 3.6.6 - XML External Entity Injection
Mar 09, 2020
CVSS 7.1
EPSS 0.01
CVE-2020-2143
MEDIUM
Jenkins Logstash Plugin < 2.3.1 - Cleartext Transmission of Sensitive Credentials
Mar 09, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2142
MEDIUM
Jenkins P4 Plugin < 1.10.10 - Unauthenticated Build Trigger via Missing Permission Check
Mar 09, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2141
MEDIUM
Jenkins P4 Plugin < 1.10.10 - Cross-Site Request Forgery
Mar 09, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2140
MEDIUM
NUCLEI
Jenkins Audit Trail Plugin < 3.2 - Reflected Cross-Site Scripting via URL Patterns Field
Mar 09, 2020
CVSS 6.1
EPSS 0.76
CVE-2020-2139
MEDIUM
Jenkins Cobertura < 1.16 - Arbitrary File Write via Coverage Report File
Mar 09, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-2138
HIGH
Jenkins Cobertura Plugin < 1.15 - XML External Entity Injection
Mar 09, 2020
CVSS 7.1
EPSS 0.01
CVE-2020-2137
MEDIUM
Jenkins Timestamper Plugin <= 1.11.1 - Stored Cross-Site Scripting
Mar 09, 2020
CVSS 4.8
EPSS 0.01
CVE-2020-2136
MEDIUM
Jenkins Git Plugin < 4.2.0 - Stored Cross-Site Scripting via Repository URL Error Message
Mar 09, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2135
HIGH
Jenkins Script Security Plugin < 1.70 - Sandbox Bypass via GroovyInterceptable Method Calls
Mar 09, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2134
HIGH
Jenkins Script Security Plugin < 1.70 - Sandbox Bypass via Crafted Constructor Calls
Mar 09, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2131
MEDIUM
Jenkins Harvest SCM Plugin <= 0.5.1 - Insufficiently Protected Credentials in Job config.xml
Feb 12, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-2130
MEDIUM
Jenkins Harvest SCM Plugin <= 0.5.1 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-2123
HIGH
Jenkins RadarGun Plugin < 1.7 - Remote Code Execution via YAML Deserialization
Feb 12, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-2122
MEDIUM
Jenkins Brakeman Plugin < 0.12 - Stored Cross-Site Scripting via Unescaped JSON Values
Feb 12, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-2121
HIGH
Jenkins Google Kubernetes Engine Plugin < 0.8.0 - Remote Code Execution via YAML Parser
Feb 12, 2020
CVSS 8.8
EPSS 0.03
CVE-2020-2120
HIGH
Jenkins FitNesse Plugin < 1.30 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2119
MEDIUM
Jenkins Azure AD Plugin <= 1.1.2 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-2118
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Credential ID Enumeration via Form-Related Methods
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2117
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Missing Permission Check
Feb 12, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-2116
HIGH
Jenkins Pipeline GitHub Notify Step < 1.0.4 - Cross-Site Request Forgery
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2115
HIGH
Jenkins NUnit < 0.25 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.01
Products
script-security 35
git 13
email-ext 12
active-directory 11
config-file-provider 9
electricflow 9
credentials-binding 8
ec2 8
oic-auth 8
subversion 8
artifactory 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5
Quick Filters