Max CVSS 6.5 Min CVSS 3.5 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-2228 6.5
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
19-10-2021 - 12:52 15-07-2020 - 18:15
CVE-2020-2227 3.5
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
22-07-2020 - 16:44 15-07-2020 - 18:15
CVE-2020-2226 3.5
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
22-07-2020 - 16:37 15-07-2020 - 18:15
CVE-2020-2221 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:45 15-07-2020 - 18:15
CVE-2020-2220 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:41 15-07-2020 - 18:15
CVE-2020-2222 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:36 15-07-2020 - 18:15
CVE-2020-2224 3.5
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:29 15-07-2020 - 18:15
CVE-2020-2223 3.5
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:29 15-07-2020 - 18:15
CVE-2020-2225 3.5
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
21-07-2020 - 16:27 15-07-2020 - 18:15
Back to Top Mark selected
Back to Top