Max CVSS | 6.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-2220 | 3.5 |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-2226 | 3.5 |
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2019-16541 | 6.5 |
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
|
25-10-2023 - 18:16 | 21-11-2019 - 15:15 | |
CVE-2020-2225 | 3.5 |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-2222 | 3.5 |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-2224 | 3.5 |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-2223 | 3.5 |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-2221 | 3.5 |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 15-07-2020 - 18:15 | |
CVE-2020-13757 | 5.0 |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted cipherte
|
01-03-2023 - 03:09 | 01-06-2020 - 19:15 | |
CVE-2020-1741 | 4.0 |
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and th
|
12-02-2023 - 23:40 | 24-04-2020 - 19:15 |