VIR Vulnerability Intelligence Relay

CVEs from 2020

3,802 normalized CVEs published or assigned in this year.

Total
3,802
critical
critical 206
high
high 563
medium
medium 743
low
low 59
% Critical
5.4%
% with KEV
3.8%
% with exploit
5.4%

Top vendors

Top products

  • retail_xstore_point_of_service 33
  • banking_digital_experience 30
  • primavera_unifier 29
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 13
  • insurance_policy_administration_j2ee 11
  • communications_network_charging_and_control 10
  • enterprise_manager_base_platform 10

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-2314 unknown 4y ago Password stored in plain text by Jenkins AppSpider Plugin
CVE-2020-2315 unknown 4y ago XXE vulnerability in Jenkins Visualworks Store Plugin
CVE-2020-2309 unknown 4y ago Missing authorization in Jenkins Kubernetes Plugin
CVE-2020-2311 unknown 4y ago Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration
CVE-2020-2312 unknown 4y ago Password written to the build log by Jenkins SQLPlus Script Runner Plugin
CVE-2020-2310 unknown 4y ago Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs
CVE-2020-2308 unknown 4y ago Missing Authorization in Jenkins Kubernetes Plugin
CVE-2020-2313 unknown 4y ago Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs
CVE-2020-2302 unknown 4y ago Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page
CVE-2020-2303 unknown 4y ago CSRF vulnerability in Jenkins Active Directory Plugin
CVE-2020-2306 unknown 4y ago Missing Authorization in Jenkins Mercurial Plugin
CVE-2020-2299 unknown 4y ago Improper Authentication in Jenkins Active Directory Plugin
CVE-2020-2307 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin
CVE-2020-2300 unknown 4y ago Improper Authentication (empty password) in Jenkins Active Directory Plugin
CVE-2020-2301 unknown 4y ago Authentication cache in Active Directory Jenkins Plugin allows logging in with any password
CVE-2020-2304 unknown 4y ago XXE vulnerability in Jenkins Subversion Plugin
CVE-2020-2305 unknown 4y ago XXE vulnerability in Jenkins Mercurial Plugin
CVE-2020-25689 unknown 4y ago Uncontrolled Resource Consumption in WildFly
CVE-2020-10721 unknown 4y ago fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
CVE-2020-2295 unknown 4y ago CSRF vulnerability in Jenkins Maven Cascade Release Plugin
CVE-2020-2297 unknown 4y ago Access token stored in plain text by Jenkins SMS Notification Plugin
CVE-2020-2294 unknown 4y ago Missing permission checks in Jenkins Maven Cascade Release Plugin
CVE-2020-2298 unknown 4y ago XXE vulnerability in Jenkins Nerrvana Plugin
CVE-2020-2293 unknown 4y ago Arbitrary file read vulnerability in Jenkins Persona Plugin
CVE-2020-2288 unknown 4y ago Incorrect default pattern in Jenkins Audit Trail Plugin
CVE-2020-2292 unknown 4y ago Stored XSS vulnerability in Jenkins Release Plugin
CVE-2020-2291 unknown 4y ago Password stored in plain text by Jenkins couchdb-statistics Plugin
CVE-2020-2289 unknown 4y ago Stored XSS vulnerability in Jenkins Active Choices Plugin
CVE-2020-2290 unknown 4y ago Stored XSS vulnerability in Jenkins Active Choices Plugin
CVE-2020-2296 unknown 4y ago CSRF vulnerability in Jenkins Shared Objects Plugin
CVE-2020-25644 unknown 4y ago Wildfly-OpenSSL memory leak flaw
CVE-2020-15840 unknown 4y ago Liferay Portal and Liferay DXP Bypass via Double Encoded URL
CVE-2020-2279 unknown 4y ago Sandbox bypass vulnerability in Jenkins Script Security Plugin
CVE-2020-2285 unknown 4y ago Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
CVE-2020-2281 unknown 4y ago CSRF vulnerability in Jenkins Lockable Resources Plugin
CVE-2020-2282 unknown 4y ago Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
CVE-2020-2283 unknown 4y ago Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
CVE-2020-2280 unknown 4y ago CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
CVE-2020-2284 unknown 4y ago XXE vulnerability in Jenkins Liquibase Runner Plugin
CVE-2020-2273 unknown 4y ago CSRF vulnerability in Jenkins ElasTest Plugin
CVE-2020-2272 unknown 4y ago Missing permission checks in Jenkins ElasTest Plugin
CVE-2020-2276 unknown 4y ago System command execution vulnerability in Selection tasks Jenkins Plugin
CVE-2020-2275 unknown 4y ago Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin
CVE-2020-2277 unknown 4y ago Arbitrary file read vulnerability in Jenkins Storable Configs Plugin
CVE-2020-2278 unknown 4y ago Arbitrary file write vulnerability in Jenkins Storable Configs Plugin
CVE-2020-2274 unknown 4y ago Passwords stored in plain text by ElasTest Plugin
CVE-2020-2267 unknown 4y ago Missing permission checks in MongoDB Plugin
CVE-2020-2261 unknown 4y ago OS command execution vulnerability in Perfecto Plugin
CVE-2020-2270 unknown 4y ago Stored XSS vulnerability in ClearCase Release Plugin
CVE-2020-2265 unknown 4y ago Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin
CVE-2020-2260 unknown 4y ago Missing permission check in Perfecto Plugin
CVE-2020-2264 unknown 4y ago Stored XSS vulnerability in Custom Job Icon Plugin
CVE-2020-2266 unknown 4y ago Stored XSS vulnerability in Description Column Plugin
CVE-2020-2268 unknown 4y ago CSRF vulnerability in MongoDB Plugin
CVE-2020-2271 unknown 4y ago Stored XSS vulnerability in Locked Files Report Plugin
CVE-2020-2263 unknown 4y ago Stored XSS vulnerability in Radiator View Plugin
CVE-2020-2259 unknown 4y ago Stored XSS vulnerability in computer-queue-plugin Plugin
CVE-2020-2258 unknown 4y ago Incorrect permission check in Health Advisor by CloudBees Plugin
CVE-2020-2255 unknown 4y ago Missing permission check in Blue Ocean Plugin
CVE-2020-2256 unknown 4y ago Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
CVE-2020-2257 unknown 4y ago Stored XSS vulnerability in Validating String Parameter Plugin
CVE-2020-2252 unknown 4y ago Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
CVE-2020-2262 unknown 4y ago Stored XSS vulnerability in android-lint Plugin
CVE-2020-2254 unknown 4y ago Path traversal vulnerability in Blue Ocean Plugin
CVE-2020-2253 unknown 4y ago Missing hostname validation in Email Extension Plugin
CVE-2020-23814 unknown 4y ago xxl-job Multiple cross-site scripting (XSS) vulnerabilities
CVE-2020-23811 unknown 4y ago xxl-job sensitive data exposure
CVE-2020-2251 unknown 4y ago Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2248 unknown 4y ago Reflected XSS vulnerability in Jenkins JSGames Plugin
CVE-2020-2243 unknown 4y ago Stored XSS vulnerability in Jenkins Cadence vManager Plugin
CVE-2020-2250 unknown 4y ago Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
CVE-2020-2247 unknown 4y ago XXE vulnerability in Jenkins Klocwork Analysis Plugin
CVE-2020-2244 unknown 4y ago XSS vulnerability in Jenkins Build Failure Analyzer Plugin
CVE-2020-2238 unknown 4y ago Stored XSS vulnerability in Jenkins Git Parameter Plugin
CVE-2020-2246 unknown 4y ago Stored XSS vulnerability in Jenkins Valgrind Plugin
CVE-2020-2242 unknown 4y ago Missing permission checks in Jenkins Database Plugin
CVE-2020-2239 unknown 4y ago Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
CVE-2020-2245 unknown 4y ago XXE vulnerability in Jenkins Valgrind Plugin
CVE-2020-2240 unknown 4y ago CSRF vulnerability in Jenkins Database Plugin
CVE-2020-2249 unknown 4y ago Credentials stored in plain text by Jenkins tfs Plugin
CVE-2020-2241 unknown 4y ago CSRF vulnerability in Jenkins Database Plugin
CVE-2020-17376 unknown 4y ago An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously under…
CVE-2020-15777 unknown 4y ago Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data
CVE-2020-7019 unknown 4y ago Improper privilege management in elasticsearch
CVE-2020-2237 unknown 4y ago CSRF vulnerability in Jenkins Flaky Test Handler Plugin
CVE-2020-2235 unknown 4y ago CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
CVE-2020-2234 unknown 4y ago Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
CVE-2020-2236 unknown 4y ago Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
CVE-2020-2233 unknown 4y ago Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
CVE-2020-2232 unknown 4y ago Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
CVE-2020-14297 unknown 4y ago Wildfly EJB Client causes DoS
CVE-2020-15842 unknown 4y ago Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
CVE-2020-15841 unknown 4y ago Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
CVE-2020-2222 unknown 4y ago Stored XSS vulnerability in Jenkins 'keep forever' badge icon
CVE-2020-2225 unknown 4y ago Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
CVE-2020-2227 unknown 4y ago Stored XSS vulnerability in Jenkins Deployer Framework Plugin
CVE-2020-2228 unknown 4y ago Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin
CVE-2020-2226 unknown 4y ago Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
CVE-2020-2221 unknown 4y ago Stored XSS vulnerability in Jenkins upstream cause
CVE-2020-2224 unknown 4y ago Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin