Security Vulnerabilities - CVEs Published In February 2020
Varnish HTTP cache before 3.0.4: ACL bug
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-02-12
Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2020-02-12
Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2020-02-12
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score: 4.3
EPSS Score: 0.0
Published: 2020-02-12
Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2020-02-12
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2020-02-12
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2020-02-12
Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2020-02-12
Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2020-02-12
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allow authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be accessible only after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match.
CVSS Score: 7.3
EPSS Score: 0.008
Published: 2020-02-12