org.jenkins-ci.plugins
1,024 tracked vulnerabilities.
CVE-2020-2136
MEDIUM
Jenkins Git Plugin < 4.2.0 - Stored Cross-Site Scripting via Repository URL Error Message
Mar 09, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-2135
HIGH
Jenkins Script Security Plugin < 1.70 - Sandbox Bypass via GroovyInterceptable Method Calls
Mar 09, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2134
HIGH
Jenkins Script Security Plugin < 1.70 - Sandbox Bypass via Crafted Constructor Calls
Mar 09, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2131
MEDIUM
Jenkins Harvest SCM Plugin <= 0.5.1 - Insufficiently Protected Credentials in Job config.xml
Feb 12, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-2130
MEDIUM
Jenkins Harvest SCM Plugin <= 0.5.1 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-2123
HIGH
Jenkins RadarGun Plugin < 1.7 - Remote Code Execution via YAML Deserialization
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2122
MEDIUM
Jenkins Brakeman Plugin < 0.12 - Stored Cross-Site Scripting via Unescaped JSON Values
Feb 12, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-2121
HIGH
Jenkins Google Kubernetes Engine Plugin < 0.8.0 - Remote Code Execution via YAML Parser
Feb 12, 2020
CVSS 8.8
EPSS 0.02
CVE-2020-2120
HIGH
Jenkins FitNesse Plugin < 1.30 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2119
MEDIUM
Jenkins Azure AD Plugin <= 1.1.2 - Insufficiently Protected Credentials
Feb 12, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-2118
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Credential ID Enumeration via Form-Related Methods
Feb 12, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-2117
MEDIUM
Jenkins Pipeline GitHub Notify Step Plugin < 1.0.4 - Missing Permission Check
Feb 12, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-2116
HIGH
Jenkins Pipeline GitHub Notify Step < 1.0.4 - Cross-Site Request Forgery
Feb 12, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2115
HIGH
Jenkins NUnit < 0.25 - XML External Entity Injection
Feb 12, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2114
HIGH
Jenkins S3 Publisher Plugin <= 0.11.4 - Plaintext Credential Exposure in Global Configuration
Feb 12, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-2111
MEDIUM
Jenkins Subversion Plugin < 2.13.0 - Stored Cross-Site Scripting in Project Repository Base URL Field
Feb 12, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-2110
HIGH
Jenkins Script Security Plugin < 1.69 - Sandbox Bypass via AST Transforming Annotations
Feb 12, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-2108
HIGH
Jenkins WebSphere Deployer Plugin < 1.6.1 - XML External Entity Injection via Job Configuration
Jan 29, 2020
CVSS 7.6
EPSS 0.00
CVE-2020-2107
MEDIUM
Jenkins Fortify Plugin < 19.1.29 - Insufficiently Protected Credentials in Job config.xml
Jan 29, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-2098
HIGH
Jenkins Sounds Plugin < 0.5 - Cross-Site Request Forgery
Jan 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2097
HIGH
Jenkins Sounds Plugin < 0.5 - OS Command Execution via Form Validation URL
Jan 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2094
MEDIUM
Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending
Jan 15, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-2093
HIGH
Jenkins Health Advisor by CloudBees < 3.0 - Cross-Site Request Forgery
Jan 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2092
HIGH
Jenkins Robot Framework < 2.0.0 - XML External Entity Injection
Jan 15, 2020
CVSS 8.8
EPSS 0.00
CVE-2020-2091
HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Server-Side Request Forgery via AWS Credentials
Jan 15, 2020
CVSS 8.1
EPSS 0.00
Products
script-security 35
git 13
email-ext 11
active-directory 9
config-file-provider 9
electricflow 9
ec2 8
oic-auth 8
subversion 8
artifactory 7
credentials-binding 7
htmlpublisher 7
jobConfigHistory 7
mercurial 7
openshift-deployer 7
rundeck 7
azure-ad 6
azure-vm-agents 6
ec2-deployment-dashboard 6
fortify-on-demand-uploader 6
ghprb 6
gitlab-oauth 6
gitlab-plugin 6
pipeline-maven 6
repository-connector 6
aws-codecommit-trigger 5
codedx 5
credentials 5
delphix 5
extended-choice-parameter 5