Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2020-2292
Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-08
CVE-2020-2293
Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-10-08
CVE-2020-2279
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
CVSS Score
9.9
EPSS Score
0.003
Published
2020-09-23
CVE-2020-2280
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-09-23
CVE-2020-2281
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-09-23
CVE-2020-2282
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-09-23
CVE-2020-2283
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-23
CVE-2020-2284
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-09-23
CVE-2020-2285
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-09-23
CVE-2020-2267
A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved