» 2020 » 9월

CVE-2020-2254

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2254

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

Source: CVE-2020-2254

CVE-2020-2266

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2266

Jenkins Description Column Plugin 1.3 and earlier does not escape the job description in the column tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Source: CVE-2020-2266

CVE-2020-2256

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job’s display name shown as part of a build cause, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Source: CVE-2020-2256

CVE-2020-2257

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2257

Jenkins Validating String Parameter Plugin 2.4 and earlier does not escape various user-controlled fields, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Source: CVE-2020-2257

CVE-2020-2258

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2258

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

Source: CVE-2020-2258

CVE-2020-2259

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2259

Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Source: CVE-2020-2259

CVE-2020-2260

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2260

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Source: CVE-2020-2260

CVE-2020-2261

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2261

Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller

Source: CVE-2020-2261

CVE-2020-2265

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2265

Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not escape the method information in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to the plugin’s post-build step.

Source: CVE-2020-2265

CVE-2020-2255

Posted on 2020년 9월 16일2020년 9월 17일 by admin

CVE-2020-2255

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Source: CVE-2020-2255