Total
6213 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2309 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||||
| CVE-2020-2306 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | ||||
| CVE-2020-2302 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. | ||||
| CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2282 | 1 Jenkins | 1 Implied Labels | 2024-11-21 | 4.3 Medium |
| Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | ||||
| CVE-2020-2272 | 1 Jenkins | 1 Elastest | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2267 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2260 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2020-2255 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||
| CVE-2020-2216 | 1 Jenkins | 1 Zephyr For Jira Test Management | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password. | ||||
| CVE-2020-2204 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 5.4 Medium |
| A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. | ||||
| CVE-2020-2202 | 1 Jenkins | 1 Fortify On Demand | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2142 | 1 Jenkins | 1 P4 | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. | ||||
| CVE-2020-2094 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. | ||||
| CVE-2020-2091 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 8.1 High |
| A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method. | ||||
| CVE-2020-29621 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. | ||||
| CVE-2020-29604 | 2 Mantisbt, Microsoft | 2 Mantisbt, Windows | 2024-11-21 | 6.5 Medium |
| An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information. | ||||