Max CVSS | 6.4 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2020-2309 | 4.0 |
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-2306 | 4.0 |
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-2308 | 4.0 |
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-2304 | 4.0 |
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-2305 | 4.0 |
Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-2307 | 4.0 |
Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
|
25-10-2023 - 18:16 | 04-11-2020 - 15:15 | |
CVE-2020-26137 | 6.4 |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
|
08-10-2023 - 14:15 | 30-09-2020 - 18:15 | |
CVE-2019-11840 | 4.3 |
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 25
|
17-06-2023 - 00:15 | 09-05-2019 - 16:29 | |
CVE-2020-8554 | 6.0 |
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is conside
|
29-10-2022 - 02:41 | 21-01-2021 - 17:15 | |
CVE-2020-26137 | 5.0 |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
|
30-09-2020 - 18:19 | 30-09-2020 - 18:15 | |
CVE-2020-26137 | 5.0 |
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
|
30-09-2020 - 18:19 | 30-09-2020 - 18:15 |