| Max CVSS | 6.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-2199 | 4.3 |
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2194 | 3.5 |
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2198 | 4.0 |
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2190 | 3.5 |
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2191 | 4.0 |
Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2192 | 4.3 |
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2196 | 6.0 |
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2200 | 6.5 |
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2195 | 3.5 |
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2197 | 4.0 |
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 | |
| CVE-2020-2193 | 3.5 |
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.
|
25-10-2023 - 18:16 | 03-06-2020 - 13:15 |