Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2020-2237
A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-08-12
CVE-2020-2221
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-07-15
CVE-2020-2222
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-07-15
CVE-2020-2223
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-07-15
CVE-2020-2224
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15
CVE-2020-2225
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-15
CVE-2020-2226
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-07-15
CVE-2020-2227
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-07-15
CVE-2020-2228
Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-15
CVE-2020-2220
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-07-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved