Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2020-2276
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-09-16
CVE-2020-2277
Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller.
CVSS Score
6.5
EPSS Score
0.015
Published
2020-09-16
CVE-2020-2278
Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-09-16
CVE-2020-2252
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVSS Score
4.8
EPSS Score
0.0
Published
2020-09-16
CVE-2020-2253
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.
CVSS Score
4.8
EPSS Score
0.0
Published
2020-09-16
CVE-2020-2254
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
CVSS Score
6.5
EPSS Score
0.024
Published
2020-09-16
CVE-2020-2255
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVSS Score
4.3
EPSS Score
0.001
Published
2020-09-16
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-16
CVE-2020-2257
Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-09-16
CVE-2020-2258
Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved