CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2251
https://notcve.org/view.php?id=CVE-2020-2251
01 Sep 2020 — Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. Jenkins SoapUI Pro Functional Testing Plugin versiones 1.5 y anteriores, transmite contraseñas del proyecto dentro de su configuración en texto plano como parte de los formularios de configuración del trabajo, resultando potencialmente en su exposición • http://www.openwall.com/lists/oss-security/2020/09/01/3 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 1%CPEs: 2EXPL: 3CVE-2020-2231 – Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
https://notcve.org/view.php?id=CVE-2020-2231
12 Aug 2020 — Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. Jenkins versiones 2.251 y anteriores, versiones LTS 2.235.3 y anteriores, no escapa la dirección remota del host que inicia una compilación por medio de "Trigger builds remotely", resultando en una vulnerabilid... • https://packetstorm.news/files/id/160616 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-2230 – Jenkins 2.235.3 - 'Description' Stored XSS
https://notcve.org/view.php?id=CVE-2020-2230
12 Aug 2020 — Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. Jenkins versiones 2.251 y anteriores, versiones LTS 2.235.3 y anteriores, no escapan la descripción de la estrategia de nombramiento del proyecto, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por usuarios con permiso General y de Administració... • https://packetstorm.news/files/id/160443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 3CVE-2020-2229 – Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-2229
12 Aug 2020 — Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. Jenkins versiones 2.251 y anteriores, versiones LTS 2.235.3 y anteriores, no escapan el contenido de tooltip de los iconos de ayuda, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. Tooltip values, which are not properly escaped, can be contrib... • https://packetstorm.news/files/id/160443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2223 – jenkins: Stored XSS vulnerability in console links
https://notcve.org/view.php?id=CVE-2020-2223
15 Jul 2020 — Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. Jenkins versiones 2.244 y anteriores, LTS versiones 2.235.1 y anteriores, no escapan apropiadamente el atributo "href" de los enlaces en trabajos posteriores que se muestran en la página de la consola de compilación, resultando en una vulnerabilidad de tipo cross-site scripting almacenado A... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2222 – jenkins: Stored XSS vulnerability in 'keep forever' badge icons
https://notcve.org/view.php?id=CVE-2020-2222
15 Jul 2020 — Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. Jenkins versiones 2.244 y anteriores, LTS versiones 2.235.1 y anteriores, no escapan el nombre del trabajo en la información sobre herramientas de la insignia "Keep this build forever", resultando en una vulnerabilidad de tipo cross-site scripting almacenado A flaw was found in jenkins in versions prior to 2.244 and versions... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2220 – jenkins: Stored XSS vulnerability in job build time trend
https://notcve.org/view.php?id=CVE-2020-2220
15 Jul 2020 — Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. Jenkins versiones 2.244 y anteriores, LTS versiones 2.235.1 y anteriores, no escapan el nombre del agente en la página de tendencia del tiempo de compilación, resultando en una vulnerabilidad de tipo cross-site scripting almacenado A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.235.1 and prior. The agent name is not escap... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2221 – jenkins: Stored XSS vulnerability in upstream cause
https://notcve.org/view.php?id=CVE-2020-2221
15 Jul 2020 — Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. Jenkins versiones 2.244 y anteriores, LTS versiones 2.235.1 y anteriores, no escapan el nombre a desplegar del trabajo anterior que se muestra como parte de una causa de compilación, resultando en una vulnerabilidad de tipo cross-site scripting almacenado A flaw was found in Jenkins versions 2.244 and prior and in LTS 2.2... • http://www.openwall.com/lists/oss-security/2020/07/15/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2162
https://notcve.org/view.php?id=CVE-2020-2162
25 Mar 2020 — Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability. Jenkins versiones 2.227 y anteriores, LTS versiones 2.204.5 y anteriores, no establecen encabezados Content-Security-Policy para los archivos cargados como parámetros de archivo en una compilación, resultando en una vulnerabilidad de tipo XSS almacenado. • http://www.openwall.com/lists/oss-security/2020/03/25/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2163
https://notcve.org/view.php?id=CVE-2020-2163
25 Mar 2020 — Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers. Jenkins versiones 2.227 y anteriores, LTS versiones 2.204.5 y anteriores, procesan inapropiadamente el contenido HTML de los encabezados de columna de visualización de lista, resultando en una vulnerabilidad de tipo XSS almacenado explotable por usuarios capaces de controlar encabezados de columna. • http://www.openwall.com/lists/oss-security/2020/03/25/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •