diff --git a/2020/2xxx/CVE-2020-2109.json b/2020/2xxx/CVE-2020-2109.json index 0e9879c4173..dcde6fc0a6c 100644 --- a/2020/2xxx/CVE-2020-2109.json +++ b/2020/2xxx/CVE-2020-2109.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline: Groovy Plugin", + "version": { + "version_data": [ + { + "version_value": "2.78", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-265" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2110.json b/2020/2xxx/CVE-2020-2110.json index 3bdcc3424f2..37f0a15d9db 100644 --- a/2020/2xxx/CVE-2020-2110.json +++ b/2020/2xxx/CVE-2020-2110.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Script Security Plugin", + "version": { + "version_data": [ + { + "version_value": "1.69", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-265" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2111.json b/2020/2xxx/CVE-2020-2111.json index 31897d8630f..0e134141ab1 100644 --- a/2020/2xxx/CVE-2020-2111.json +++ b/2020/2xxx/CVE-2020-2111.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Subversion Plugin", + "version": { + "version_data": [ + { + "version_value": "2.13.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2112.json b/2020/2xxx/CVE-2020-2112.json index 350e83c0abc..29bf60c7bba 100644 --- a/2020/2xxx/CVE-2020-2112.json +++ b/2020/2xxx/CVE-2020-2112.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Git Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "0.9.4", + "version_affected": ">=" + }, + { + "version_value": "0.9.11", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2113.json b/2020/2xxx/CVE-2020-2113.json index 11bcad080dc..3b2022756d3 100644 --- a/2020/2xxx/CVE-2020-2113.json +++ b/2020/2xxx/CVE-2020-2113.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Git Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "0.9.4", + "version_affected": ">=" + }, + { + "version_value": "0.9.11", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2114.json b/2020/2xxx/CVE-2020-2114.json index b1c290e5abc..f53c8ba6fdb 100644 --- a/2020/2xxx/CVE-2020-2114.json +++ b/2020/2xxx/CVE-2020-2114.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins S3 publisher Plugin", + "version": { + "version_data": [ + { + "version_value": "0.11.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-319: Cleartext Transmission of Sensitive Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2115.json b/2020/2xxx/CVE-2020-2115.json index d609e53277b..aca2119d75b 100644 --- a/2020/2xxx/CVE-2020-2115.json +++ b/2020/2xxx/CVE-2020-2115.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins NUnit Plugin", + "version": { + "version_data": [ + { + "version_value": "0.25", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2116.json b/2020/2xxx/CVE-2020-2116.json index 7864c267f44..047fe84477f 100644 --- a/2020/2xxx/CVE-2020-2116.json +++ b/2020/2xxx/CVE-2020-2116.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline GitHub Notify Step Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2117.json b/2020/2xxx/CVE-2020-2117.json index bb82e50ceff..bdb566886d4 100644 --- a/2020/2xxx/CVE-2020-2117.json +++ b/2020/2xxx/CVE-2020-2117.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline GitHub Notify Step Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2118.json b/2020/2xxx/CVE-2020-2118.json index e541354aeb6..194b1eab8d2 100644 --- a/2020/2xxx/CVE-2020-2118.json +++ b/2020/2xxx/CVE-2020-2118.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Pipeline GitHub Notify Step Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2119.json b/2020/2xxx/CVE-2020-2119.json index 1462d878f46..b24c8c5e168 100644 --- a/2020/2xxx/CVE-2020-2119.json +++ b/2020/2xxx/CVE-2020-2119.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2119", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Azure AD Plugin", + "version": { + "version_data": [ + { + "version_value": "1.1.2", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2120.json b/2020/2xxx/CVE-2020-2120.json index b2ae445810f..d54aedfeee2 100644 --- a/2020/2xxx/CVE-2020-2120.json +++ b/2020/2xxx/CVE-2020-2120.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins FitNesse Plugin", + "version": { + "version_data": [ + { + "version_value": "1.30", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2121.json b/2020/2xxx/CVE-2020-2121.json index 5baea9ae0cf..5a1cc0eb10c 100644 --- a/2020/2xxx/CVE-2020-2121.json +++ b/2020/2xxx/CVE-2020-2121.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Google Kubernetes Engine Plugin", + "version": { + "version_data": [ + { + "version_value": "0.8.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2122.json b/2020/2xxx/CVE-2020-2122.json index 2883d139fad..4879a3ec8a0 100644 --- a/2020/2xxx/CVE-2020-2122.json +++ b/2020/2xxx/CVE-2020-2122.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2122", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Brakeman Plugin", + "version": { + "version_data": [ + { + "version_value": "0.12", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2123.json b/2020/2xxx/CVE-2020-2123.json index 060d4c45b99..e6657d189fb 100644 --- a/2020/2xxx/CVE-2020-2123.json +++ b/2020/2xxx/CVE-2020-2123.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2123", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins RadarGun Plugin", + "version": { + "version_data": [ + { + "version_value": "1.7", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2124.json b/2020/2xxx/CVE-2020-2124.json index 0ab1dde4c99..cf6b910c48f 100644 --- a/2020/2xxx/CVE-2020-2124.json +++ b/2020/2xxx/CVE-2020-2124.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Dynamic Extended Choice Parameter Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.1", + "version_affected": "<=" + }, + { + "version_value": "1.0.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2125.json b/2020/2xxx/CVE-2020-2125.json index 07a1e1d2cd6..f5ed990552f 100644 --- a/2020/2xxx/CVE-2020-2125.json +++ b/2020/2xxx/CVE-2020-2125.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Debian Package Builder Plugin", + "version": { + "version_data": [ + { + "version_value": "1.6.11", + "version_affected": "<=" + }, + { + "version_value": "1.6.11", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2126.json b/2020/2xxx/CVE-2020-2126.json index c7f11d686fa..404078f873f 100644 --- a/2020/2xxx/CVE-2020-2126.json +++ b/2020/2xxx/CVE-2020-2126.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2126", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins DigitalOcean Plugin", + "version": { + "version_data": [ + { + "version_value": "1.1", + "version_affected": "<=" + }, + { + "version_value": "1.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2127.json b/2020/2xxx/CVE-2020-2127.json index c8c257635ba..bdb1e9ea14e 100644 --- a/2020/2xxx/CVE-2020-2127.json +++ b/2020/2xxx/CVE-2020-2127.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2127", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins BMC Release Package and Deployment Plugin", + "version": { + "version_data": [ + { + "version_value": "1.1", + "version_affected": "<=" + }, + { + "version_value": "1.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2128.json b/2020/2xxx/CVE-2020-2128.json index 336f098fb99..0d384d349b3 100644 --- a/2020/2xxx/CVE-2020-2128.json +++ b/2020/2xxx/CVE-2020-2128.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2128", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins ECX Copy Data Management Plugin", + "version": { + "version_data": [ + { + "version_value": "1.9", + "version_affected": "<=" + }, + { + "version_value": "1.9", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2129.json b/2020/2xxx/CVE-2020-2129.json index cf611fb21d3..6c32959cc9e 100644 --- a/2020/2xxx/CVE-2020-2129.json +++ b/2020/2xxx/CVE-2020-2129.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Eagle Tester Plugin", + "version": { + "version_data": [ + { + "version_value": "1.0.9", + "version_affected": "<=" + }, + { + "version_value": "1.0.9", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2130.json b/2020/2xxx/CVE-2020-2130.json index 85a99104157..5159ac385f4 100644 --- a/2020/2xxx/CVE-2020-2130.json +++ b/2020/2xxx/CVE-2020-2130.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2130", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Harvest SCM Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5.1", + "version_affected": "<=" + }, + { + "version_value": "0.5.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2131.json b/2020/2xxx/CVE-2020-2131.json index 56f1533b38b..0ce97ec6fe4 100644 --- a/2020/2xxx/CVE-2020-2131.json +++ b/2020/2xxx/CVE-2020-2131.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Harvest SCM Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5.1", + "version_affected": "<=" + }, + { + "version_value": "0.5.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2132.json b/2020/2xxx/CVE-2020-2132.json index 2300654122d..972f807cc10 100644 --- a/2020/2xxx/CVE-2020-2132.json +++ b/2020/2xxx/CVE-2020-2132.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2132", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Parasoft Environment Manager Plugin", + "version": { + "version_data": [ + { + "version_value": "2.14", + "version_affected": "<=" + }, + { + "version_value": "2.14", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2133.json b/2020/2xxx/CVE-2020-2133.json index 3bd8b10f820..5564b306775 100644 --- a/2020/2xxx/CVE-2020-2133.json +++ b/2020/2xxx/CVE-2020-2133.json @@ -1,17 +1,65 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2133", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Applatix Plugin", + "version": { + "version_data": [ + { + "version_value": "1.1", + "version_affected": "<=" + }, + { + "version_value": "1.1", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540", + "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540", + "refsource": "CONFIRM" } ] }