Filtered by vendor Jenkins
Subscriptions
Filtered by product Jenkins
Subscriptions
Total
249 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2222 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2221 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2220 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-2163 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. | ||||
| CVE-2020-2162 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. | ||||
| CVE-2020-2161 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define node labels. | ||||
| CVE-2020-2160 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.8 High |
| Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different representations of request URL paths, which allows attackers to craft URLs that allow bypassing CSRF protection of any target URL. | ||||
| CVE-2020-2105 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. | ||||
| CVE-2020-2104 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 4.3 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. | ||||
| CVE-2020-2103 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. | ||||
| CVE-2020-2102 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.3 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | ||||
| CVE-2020-2101 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.3 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. | ||||
| CVE-2020-2100 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.8 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | ||||
| CVE-2020-2099 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.6 High |
| Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | ||||
| CVE-2019-10406 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 4.8 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or filter values set as Jenkins URL in the global configuration, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. | ||||
| CVE-2019-10405 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the "Cookie" HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly. | ||||
| CVE-2019-10404 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the reason why a queue items is blcoked in tooltips, resulting in a stored XSS vulnerability exploitable by users able to control parts of the reason a queue item is blocked, such as label expressions not matching any idle executors. | ||||
| CVE-2019-10403 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the SCM tag name on the tooltip for SCM tag actions, resulting in a stored XSS vulnerability exploitable by users able to control SCM tag names for these actions. | ||||
| CVE-2019-10402 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox form control interpreted its item labels as HTML, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents. | ||||
| CVE-2019-10401 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandableTextBox form control interpreted its content as HTML when expanded, resulting in a stored XSS vulnerability exploitable by users with permission to define its contents (typically Job/Configure). | ||||