Max CVSS | 6.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-2255 | 4.0 |
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
|
25-10-2023 - 18:16 | 16-09-2020 - 14:15 | |
CVE-2019-16541 | 6.5 |
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
|
25-10-2023 - 18:16 | 21-11-2019 - 15:15 | |
CVE-2020-2252 | 5.8 |
Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.
|
25-10-2023 - 18:16 | 16-09-2020 - 14:15 | |
CVE-2020-2254 | 3.5 |
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
|
25-10-2023 - 18:16 | 16-09-2020 - 14:15 | |
CVE-2020-16845 | 5.0 |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
03-02-2023 - 02:28 | 06-08-2020 - 18:15 | |
CVE-2020-15586 | 4.3 |
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
|
03-12-2022 - 14:31 | 17-07-2020 - 16:15 | |
CVE-2020-14370 | 4.0 |
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable
|
07-11-2022 - 20:15 | 23-09-2020 - 13:15 | |
CVE-2020-8564 | 2.1 |
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.
|
29-03-2021 - 19:30 | 07-12-2020 - 22:15 | |
CVE-2020-14040 | 5.0 |
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 deco
|
18-11-2020 - 14:44 | 17-06-2020 - 20:15 | |
CVE-2020-14370 | 4.0 |
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable
|
29-09-2020 - 18:33 | 23-09-2020 - 13:15 | |
CVE-2020-14370 | 4.0 |
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable
|
29-09-2020 - 18:33 | 23-09-2020 - 13:15 | |
CVE-2020-16845 | 5.0 |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
24-09-2020 - 12:15 | 06-08-2020 - 18:15 |