Search Results (77106 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2280 | 1 Jenkins | 1 Warnings | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. | ||||
| CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2024-11-21 | 8.8 High |
| Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as. | ||||
| CVE-2020-2268 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 8.8 High |
| Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller. | ||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 7.1 High |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2241 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2240 | 1 Jenkins | 1 Database | 2024-11-21 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. | ||||
| CVE-2020-2232 | 1 Jenkins | 1 Email Extension | 2024-11-21 | 7.5 High |
| Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. | ||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 8.8 High |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | ||||
| CVE-2020-2211 | 1 Jenkins | 1 Kubernetes Ci | 2024-11-21 | 8.8 High |
| Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2024-11-21 | 8.8 High |
| Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master. | ||||
| CVE-2020-2196 | 1 Jenkins | 1 Selenium | 2024-11-21 | 8.0 High |
| Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | ||||
| CVE-2020-2189 | 1 Jenkins | 1 Source Code Management Filter Jervis | 2024-11-21 | 8.8 High |
| Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2180 | 1 Jenkins | 1 Amazon Web Services Serverless Application Model | 2024-11-21 | 8.8 High |
| Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2179 | 1 Jenkins | 1 Yaml Axis | 2024-11-21 | 8.8 High |
| Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2178 | 1 Jenkins | 1 Parasoft Findings | 2024-11-21 | 7.1 High |
| Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 8.8 High |
| Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-11-21 | 8.8 High |
| Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2167 | 2 Jenkins, Redhat | 2 Openshift Pipeline, Openshift | 2024-11-21 | 8.8 High |
| Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||
| CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | ||||