CVE-2020-22276
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form’s entry.
Source: CVE-2020-22276
CVE-2020-2313
A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Source: CVE-2020-2313
CVE-2020-2319
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Source: CVE-2020-2319
CVE-2020-2312
Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.
Source: CVE-2020-2312
CVE-2020-2314
Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Source: CVE-2020-2314
CVE-2020-2315
Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Source: CVE-2020-2315
CVE-2020-2317
Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files to Jenkins FindBugs Plugin’s post build step.
Source: CVE-2020-2317
CVE-2020-2316
Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
Source: CVE-2020-2316
CVE-2020-2318
Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Source: CVE-2020-2318
CVE-2020-2309
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Source: CVE-2020-2309