Max CVSS 7.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-2099 7.5
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2104 4.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2100 5.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2103 4.0
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2102 3.5
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2101 3.5
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2020-2105 4.3
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
25-10-2023 - 18:16 29-01-2020 - 16:15
CVE-2019-10392 6.5
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
25-10-2023 - 18:16 12-09-2019 - 14:15
CVE-2020-8608 6.8
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
14-02-2021 - 03:50 06-02-2020 - 17:15
Back to Top Mark selected
Back to Top