admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3232

Browse Source 
Auto-merge PR#3232
This commit is contained in:
CVE Team 2020-02-12 09:35:56 -05:00 committed by GitHub
commit 4638bc10f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 1298 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2020/2xxx/CVE-2020-2109.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2109",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline: Groovy Plugin",
"version": {
"version_data": [
{
"version_value": "2.78",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-265"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1710",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2110.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Script Security Plugin",
"version": {
"version_data": [
{
"version_value": "1.69",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-265"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1713",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2111.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Subversion Plugin",
"version": {
"version_data": [
{
"version_value": "2.13.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1725",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2112.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2112",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Git Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "0.9.4",
"version_affected": ">="
},
{
"version_value": "0.9.11",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2113.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2113",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Git Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "0.9.4",
"version_affected": ">="
},
{
"version_value": "0.9.11",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1709",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2114.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2114",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins S3 publisher Plugin",
"version": {
"version_data": [
{
"version_value": "0.11.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2115.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2115",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins NUnit Plugin",
"version": {
"version_data": [
{
"version_value": "0.25",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1752",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2116.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2116",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2117.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2118.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Pipeline GitHub Notify Step Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.4",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2119.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2119",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Azure AD Plugin",
"version": {
"version_data": [
{
"version_value": "1.1.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1717",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2120.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins FitNesse Plugin",
"version": {
"version_data": [
{
"version_value": "1.30",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1751",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2121.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Google Kubernetes Engine Plugin",
"version": {
"version_data": [
{
"version_value": "0.8.0",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1731",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2122.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Brakeman Plugin",
"version": {
"version_data": [
{
"version_value": "0.12",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to control the Brakeman post-build step input data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1644",
"refsource": "CONFIRM"
}
]
}

62
2020/2xxx/CVE-2020-2123.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins RadarGun Plugin",
"version": {
"version_data": [
{
"version_value": "1.7",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1733",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2124.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Dynamic Extended Choice Parameter Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.1",
"version_affected": "<="
},
{
"version_value": "1.0.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1560",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2125.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Debian Package Builder Plugin",
"version": {
"version_data": [
{
"version_value": "1.6.11",
"version_affected": "<="
},
{
"version_value": "1.6.11",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1558",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2126.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2126",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins DigitalOcean Plugin",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "<="
},
{
"version_value": "1.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1559",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2127.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2127",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins BMC Release Package and Deployment Plugin",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "<="
},
{
"version_value": "1.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1547",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2128.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins ECX Copy Data Management Plugin",
"version": {
"version_data": [
{
"version_value": "1.9",
"version_affected": "<="
},
{
"version_value": "1.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2129.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Eagle Tester Plugin",
"version": {
"version_data": [
{
"version_value": "1.0.9",
"version_affected": "<="
},
{
"version_value": "1.0.9",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1552",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2130.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Harvest SCM Plugin",
"version": {
"version_data": [
{
"version_value": "0.5.1",
"version_affected": "<="
},
{
"version_value": "0.5.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2131.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2131",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Harvest SCM Plugin",
"version": {
"version_data": [
{
"version_value": "0.5.1",
"version_affected": "<="
},
{
"version_value": "0.5.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1553",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2132.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2132",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Parasoft Environment Manager Plugin",
"version": {
"version_data": [
{
"version_value": "2.14",
"version_affected": "<="
},
{
"version_value": "2.14",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1562",
"refsource": "CONFIRM"
}
]
}

66
2020/2xxx/CVE-2020-2133.json
View File

@ -1,17 +1,65 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-2133",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Jenkins project",
"product": {
"product_data": [
{
"product_name": "Jenkins Applatix Plugin",
"version": {
"version_data": [
{
"version_value": "1.1",
"version_affected": "<="
},
{
"version_value": "1.1",
"version_affected": "?>"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-256: Unprotected Storage of Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540",
"url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540",
"refsource": "CONFIRM"
}
]
}