Shodan
Vulnerabilities
Vulnerable Software
Jenkins:  Security Vulnerabilities
CVE-2020-2169
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-03-25
CVE-2020-2170
Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-03-25
CVE-2020-2171
Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-03-25
CVE-2020-2160
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-03-25
CVE-2020-2157
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-03-09
CVE-2020-2158
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVSS Score
8.8
EPSS Score
0.01
Published
2020-03-09
CVE-2020-2159
Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.
CVSS Score
8.8
EPSS Score
0.028
Published
2020-03-09
CVE-2020-2149
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-09
CVE-2020-2150
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-09
CVE-2020-2151
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved