Export limit exceeded: 11590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35682 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 8.8 High |
| Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login). | ||||
| CVE-2020-35625 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.8 High |
| An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment. | ||||
| CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 3.4 Low |
| A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem | ||||
| CVE-2020-2323 | 1 Netflix | 1 Chaos Monkey | 2024-11-21 | 5.3 Medium |
| Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | ||||
| CVE-2020-2322 | 1 Netflix | 1 Chaos Monkey | 2024-11-21 | 7.5 High |
| Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | ||||
| CVE-2020-2309 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2308 | 2 Jenkins, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names. | ||||
| CVE-2020-2306 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations. | ||||
| CVE-2020-2302 | 1 Jenkins | 1 Active Directory | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page. | ||||
| CVE-2020-2285 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2020-2282 | 1 Jenkins | 1 Implied Labels | 2024-11-21 | 4.3 Medium |
| Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. | ||||
| CVE-2020-2272 | 1 Jenkins | 1 Elastest | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2020-2267 | 1 Jenkins | 1 Mongodb | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2260 | 1 Jenkins | 1 Perfecto | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. | ||||
| CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-11-21 | 4.3 Medium |
| Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | ||||
| CVE-2020-2255 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2020-2242 | 1 Jenkins | 1 Database | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. | ||||
| CVE-2020-2234 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins. | ||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-11-21 | 8.8 High |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | ||||