Skip to main content
CVE-2020-10192 MEDIUM POC This Month

An issue was discovered in Munkireport before 5.3.0.3923. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Munkireport
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2140 MEDIUM POC PATCH THREAT This Month

Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Audit Trail
NVD
CVSS 3.1
6.1
EPSS
76.0%
CVE-2020-10191 MEDIUM POC This Month

An issue was discovered in MunkiReport before 5.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Munkireport
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-10249 MEDIUM POC This Month

BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Direx Pro Firmware
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-2139 MEDIUM PATCH This Month

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Cobertura
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-9282 MEDIUM This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mahara
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10247 MEDIUM PATCH This Month

MISP 2.4.122 has Persistent XSS in the sighting popover tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-10246 MEDIUM PATCH This Month

MISP 2.4.122 has reflected XSS via unsanitized URL parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-2152 MEDIUM This Month

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Subversion Release Manager
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-10236 MEDIUM PATCH This Month

An issue was discovered in Froxlor before 0.10.14. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure PHP Froxlor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-2154 MEDIUM This Month

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Atlassian Jenkins Information Disclosure Zephyr For Jira Test Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-2145 MEDIUM PATCH This Month

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Zephyr Enterprise Test Management
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-10237 MEDIUM This Month

An issue was discovered in Froxlor through 0.10.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition PHP Froxlor
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-4084 MEDIUM PATCH This Month

HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-9517 MEDIUM This Month

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Service Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-2136 MEDIUM PATCH This Month

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Jenkins Git
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-2155 MEDIUM This Month

Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openshift Deployer
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2151 MEDIUM This Month

Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Quality Gates
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-2150 MEDIUM This Month

Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sonar Quality Gates
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2149 MEDIUM PATCH This Month

Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Repository Connector
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2143 MEDIUM PATCH This Month

Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Logstash
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2020-2137 MEDIUM PATCH This Month

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Timestamper
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2020-9386 MEDIUM PATCH This Month

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Elastic Information Disclosure Mahara
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-2157 MEDIUM This Month

Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Skytap Cloud Ci
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-2156 MEDIUM This Month

Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Deployhub
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2153 MEDIUM PATCH This Month

Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Backlog
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2148 MEDIUM PATCH This Month

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Mac
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-2147 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Mac
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-2142 MEDIUM PATCH This Month

A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier allows attackers with Overall/Read permission to trigger builds. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass P4
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2141 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.10 and earlier allows attackers to trigger builds or add a labels in Perforce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins P4
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy