Filtered by vendor Redhat
Filtered by product Openshift
Total: 1061 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-2309 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
A missing or incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credential IDs of credentials stored in Jenkins. | ||||
CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||||
CVE-2020-2307 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables. | ||||
CVE-2020-2306 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | ||||
CVE-2020-2305 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 6.5 Medium |
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2304 | 2 Jenkins, Redhat | 2 Subversion, Openshift | 2024-11-21 | 6.5 Medium |
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
CVE-2020-2255 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 4.3 Medium |
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
CVE-2020-2254 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 6.5 Medium |
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | ||||
CVE-2020-2252 | 2 Jenkins, Redhat | 2 Mailer, Openshift | 2024-11-21 | 4.8 Medium |
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | ||||
CVE-2020-2231 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token. | ||||
CVE-2020-2230 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. | ||||
CVE-2020-2229 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
CVE-2020-2226 | 2 Jenkins, Redhat | 2 Matrix Authorization Strategy, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2225 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2224 | 2 Jenkins, Redhat | 2 Matrix Project, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2223 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not correctly escape the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2222 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2221 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2220 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | ||||
CVE-2020-2190 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-11-21 | 5.4 Medium |
Jenkins Script Security Plugin 1.72 and earlier does not correctly escape pending or approved classpath entries on the In-process Script Approval page, resulting in a stored cross-site scripting vulnerability. |