Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2020-2183
Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2184
A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL.
CVSS Score
4.3
EPSS Score
0.02
Published
2020-05-06
CVE-2020-2185
Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.
CVSS Score
5.6
EPSS Score
0.001
Published
2020-05-06
CVE-2020-2186
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-05-06
CVE-2020-2187
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
CVSS Score
5.6
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2188
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-05-06
CVE-2020-2189
Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-05-06
CVE-2020-2177
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-04-16
CVE-2020-2178
Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-04-16
CVE-2020-2179
Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-04-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved