Max CVSS 6.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-2220 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-2226 3.5
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2019-16541 6.5
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
25-10-2023 - 18:16 21-11-2019 - 15:15
CVE-2020-2225 3.5
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-2222 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-2224 3.5
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-2223 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-2221 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
25-10-2023 - 18:16 15-07-2020 - 18:15
CVE-2020-13757 5.0
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted cipherte
01-03-2023 - 03:09 01-06-2020 - 19:15
CVE-2020-1741 4.0
A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and th
12-02-2023 - 23:40 24-04-2020 - 19:15
Back to Top Mark selected
Back to Top