» 2020 » 2월

CVE-2020-2132

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Source: CVE-2020-2132

CVE-2020-2126

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2126

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.

Source: CVE-2020-2126

CVE-2020-8839

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-8839

Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field.

Source: CVE-2020-8839

CVE-2020-2133

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2133

Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Source: CVE-2020-2133

CVE-2020-8815

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-8815

Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets.

Source: CVE-2020-8815

CVE-2020-2130

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2130

Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Source: CVE-2020-2130

CVE-2020-2119

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2119

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Source: CVE-2020-2119

CVE-2020-2115

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2020-2115

CVE-2020-2123

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2123

Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Source: CVE-2020-2123

CVE-2020-2120

Posted on 2020년 2월 13일2020년 2월 13일 by admin

CVE-2020-2120

Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks.

Source: CVE-2020-2120