Max CVSS: 7.5, Min CVSS: 3.5, Total Count: 2
ID, CVSS, Summary, Last (major) update, Published
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
06-04-2022 - 18:07 20-04-2019 - 00:29
CVE-2020-2099 7.5
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2104 4.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2100 5.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2103 4.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2102 3.5
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2101 3.5
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
17-03-2020 - 04:15 29-01-2020 - 16:15
CVE-2020-2105 4.3
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
17-03-2020 - 04:15 29-01-2020 - 16:15