Search Results (77106 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2020-2165 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.5 High | Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2160 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.8 High | Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. |
| CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2024-11-21 | 8.8 High | Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. |
| CVE-2020-2158 | 1 Jenkins | 1 Literate | 2024-11-21 | 8.8 High | Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2146 | 1 Jenkins | 1 Mac | 2024-11-21 | 7.4 High | Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. |
| CVE-2020-2144 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 7.1 High | Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2138 | 1 Jenkins | 1 Cobertura | 2024-11-21 | 7.1 High | Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2135 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 8.8 High | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. |
| CVE-2020-2134 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 8.8 High | Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. |
| CVE-2020-2123 | 1 Jenkins | 1 Radargun | 2024-11-21 | 8.8 High | Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2121 | 1 Jenkins | 1 Google Kubernetes Engine | 2024-11-21 | 8.8 High | Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2120 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 8.8 High | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2116 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
| CVE-2020-2115 | 1 Jenkins | 1 Nunit | 2024-11-21 | 8.8 High | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2114 | 1 Jenkins | 1 S3 Publisher | 2024-11-21 | 7.5 High | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2110 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 8.8 High | Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. |
| CVE-2020-2109 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.8 High | Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. |
| CVE-2020-2108 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 7.6 High | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. |
| CVE-2020-2099 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.6 High | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. |
| CVE-2020-2098 | 1 Jenkins | 1 Sounds | 2024-11-21 | 8.8 High | A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attackers to execute arbitrary OS commands as the OS user account running Jenkins. |