Lucene search
K

73 matches found

NCSC
NCSC
added 2020/07/16 12:0 a.m.6 views

Vulnerabilities fixed in Jenkins

Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting XSS attack. A such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...

8.8CVSS6.5AI score0.01433EPSS
Exploits0
CVE
CVE
added 2020/07/15 5:0 p.m.71 views

CVE-2020-2227

The CVE-2020-2227 entry concerns the Jenkins Deployer Framework Plugin (versions 1.2 and earlier). The vulnerability is a stored XSS caused by the plugin not escaping the URL displayed on the build home page. Impact is that an attacker could execute script in the context of an affected user’s bro...

5.4CVSS5.2AI score0.00688EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.6 views

PT-2020-15443 · Jenkins · Jenkins Deployer Framework Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 1.2 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the URL displayed in the build home page is not properly escaped. This vulnerabilit...

8CVSS5.1AI score0.00688EPSS
Exploits0References7
CNVD
CNVD
added 2020/06/04 12:0 a.m.3 views

CloudBees Jenkins Play Framework Plugin OS Command Injection Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Play Framework Plugin is used in one of the...

8.8CVSS8.2AI score0.02422EPSS
Exploits0References1
NVD
NVD
added 2020/06/03 1:15 p.m.27 views

CVE-2020-2200

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

8.8CVSS8.9AI score0.02422EPSS
Exploits0References2
CVE
CVE
added 2020/06/03 12:40 p.m.77 views

CVE-2020-2200

CVE-2020-2200 concerns the Jenkins Play Framework Plugin (versions 1.0.2 and earlier). The issue arises when a form validation endpoint lets users specify the path to the play command on the Jenkins master, enabling an OS command injection vulnerability exploitable by users who can place a file o...

8.8CVSS8.8AI score0.02422EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/03 12:40 p.m.27 views

CVE-2020-2200

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master...

8.9AI score0.02422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/06/03 12:0 a.m.6 views

PT-2020-15414 · Jenkins · Jenkins Play Framework Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Play Framework Plugin versions 1.0.2 and earlier Description: The issue concerns an OS command injection vulnerability. It occurs because a form validation endpoint in the Play Framework Plugin executes the play command to validate a...

8.8CVSS8.9AI score0.02422EPSS
Exploits0References6
CNVD
CNVD
added 2020/01/22 12:0 a.m.1 views

CloudBees Jenkins Robot Framework Plugin Code Issue Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company a set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing project and some timed execution of the task . CloudBees Jenkins Robot...

8.8CVSS7.2AI score0.01382EPSS
Exploits0References1
NVD
NVD
added 2020/01/15 4:15 p.m.29 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

8.8CVSS8.7AI score0.01382EPSS
Exploits0References1
OSV
OSV
added 2020/01/15 4:15 p.m.18 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

8.8CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2020/01/15 3:15 p.m.35 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

8.7AI score0.01382EPSS
Exploits0References1
CVE
CVE
added 2020/01/15 3:15 p.m.68 views

CVE-2020-2092

CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...

8.8CVSS8.6AI score0.01382EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder