Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2020
CVE-2020-4421
IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another users identify. IBM X-Force ID: 180084.
CVSS Score
5.0
EPSS Score
0.002
Published
2020-05-06
CVE-2020-2181
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-05-06
CVE-2020-2182
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2183
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2184
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
CVSS Score
4.3
EPSS Score
0.02
Published
2020-05-06
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVSS Score
5.6
EPSS Score
0.001
Published
2020-05-06
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-05-06
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
CVSS Score
5.6
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2189
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-05-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved