CVEs from 2020

3,802 normalized CVEs published or assigned in this year.

  • Total: 3,802
  • Critical: 206
  • High: 563
  • Medium: 743
  • Low: 59
  • % Critical: 5.4%
  • % with KEV: 3.8%
  • % with exploit: 5.4%

Top products

  • retail_xstore_point_of_service 33
  • banking_digital_experience 30
  • primavera_unifier 29
  • retail_service_backbone 15
  • financial_services_institutional_performance_analytics 13
  • insurance_policy_administration_j2ee 11
  • communications_network_charging_and_control 10
  • enterprise_manager_base_platform 10
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-2220 unknown 4y ago Stored XSS vulnerability in Jenkins job build time trend
CVE-2020-2223 unknown 4y ago Stored XSS vulnerability in Jenkins console links
CVE-2020-2219 unknown 4y ago Stored XSS vulnerability in Jenkins Link Column Plugin
CVE-2020-2217 unknown 4y ago Reflected XSS in Jenkins Compatibility Action Storage Plugin
CVE-2020-2214 unknown 4y ago Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin
CVE-2020-2215 unknown 4y ago CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin
CVE-2020-2216 unknown 4y ago Missing permission checks in Zephyr for JIRA Test Management Plugin
CVE-2020-2218 unknown 4y ago Password stored in plain text by Jenkins HP ALM Quality Center Plugin
CVE-2020-2207 unknown 4y ago Reflected XSS vulnerability in Jenkins VncViewer Plugin
CVE-2020-2211 unknown 4y ago RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
CVE-2020-2204 unknown 4y ago Missing permission checks in Jenkins Fortify on Demand Plugin
CVE-2020-2209 unknown 4y ago Password stored in plain text by Jenkins TestComplete support Plugin
CVE-2020-2208 unknown 4y ago Secret stored in plain text by Jenkins Slack Upload Plugin
CVE-2020-2210 unknown 4y ago Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
CVE-2020-2206 unknown 4y ago Reflected XSS vulnerability in Jenkins VncRecorder Plugin
CVE-2020-2212 unknown 4y ago Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin
CVE-2020-2213 unknown 4y ago Credentials stored in plain text by Jenkins White Source Plugin
CVE-2020-2201 unknown 4y ago Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin
CVE-2020-2205 unknown 4y ago Stored XSS vulnerability in Jenkins VncRecorder Plugin
CVE-2020-2202 unknown 4y ago Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
CVE-2020-2203 unknown 4y ago CSRF vulnerability in Jenkins Fortify on Demand Plugin
CVE-2020-10727 unknown 4y ago Insufficiently Protected Credentials in ActiveMQ Artemis
CVE-2020-10740 unknown 4y ago Wildfly Unsafe Deserialization Vulnerability
CVE-2020-5411 unknown 4y ago Deserialization of Untrusted Data in Spring Batch
CVE-2020-13445 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
CVE-2020-13444 unknown 4y ago Liferay Portal and Liferay DXP Fails to Sanitize API Data
CVE-2020-2198 unknown 4y ago Missing permission check in Jenkins Project Inheritance Plugin
CVE-2020-2200 unknown 4y ago OS command injection vulnerability in Jenkins Play Framework Plugin
CVE-2020-2199 unknown 4y ago XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin
CVE-2020-2192 unknown 4y ago CSRF vulnerability in Jenkins Swarm Plugin
CVE-2020-2197 unknown 4y ago Missing permission check in Jenkins Project Inheritance Plugin
CVE-2020-2191 unknown 4y ago Improper permission checks in Jenkins Swarm Plugin
CVE-2020-2190 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin
CVE-2020-2195 unknown 4y ago Stored XSS vulnerability in Jenkins Compact Columns Plugin
CVE-2020-2193 unknown 4y ago Stored XSS vulnerability in Jenkins ECharts API Plugin
CVE-2020-2194 unknown 4y ago Stored XSS vulnerability in Jenkins ECharts API Plugin
CVE-2020-2196 unknown 4y ago Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection
CVE-2020-13226 unknown 4y ago WSO2 API Manager vulnerable to SSRF
CVE-2020-1698 unknown 4y ago Keycloak leaks sensitive information in logged exceptions
CVE-2020-1724 unknown 4y ago Keycloak Insufficient Session Expiry
CVE-2020-12760 unknown 4y ago OpenNMS Horizon RCE via Unsafe Deserialization
CVE-2020-12691 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then …
CVE-2020-12692 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then …
CVE-2020-12689 unknown 4y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala…
CVE-2020-2187 unknown 4y ago Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
CVE-2020-2186 unknown 4y ago CSRF vulnerability in Amazon EC2 Plugin
CVE-2020-2181 unknown 4y ago Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
CVE-2020-2182 unknown 4y ago Improper masking of some secrets in Jenkins Credentials Binding Plugin
CVE-2020-2183 unknown 4y ago Improper permission checks in Jenkins Copy Artifact Plugin
CVE-2020-2184 unknown 4y ago CSRF vulnerability in Jenkins CVS Plugin
CVE-2020-2189 unknown 4y ago RCE vulnerability in SCM Filter Jervis Plugin
CVE-2020-2188 unknown 4y ago Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
CVE-2020-2185 unknown 4y ago Missing SSH host key validation in Jenkins Amazon EC2 Plugin
CVE-2020-10686 unknown 4y ago Keycloak users may be able to remove MFA from other users' devices
CVE-2020-1745 unknown 4y ago Improper Authorization in Undertow
CVE-2020-1757 unknown 4y ago Improper Input Validation in Undertow
CVE-2020-2178 unknown 4y ago XXE vulnerability in Jenkins Parasoft Findings Plugin
CVE-2020-2180 unknown 4y ago RCE vulnerability in Jenkins AWS SAM Plugin
CVE-2020-2177 unknown 4y ago Credentials stored in plain text by Jenkins Copr Plugin
CVE-2020-2179 unknown 4y ago RCE vulnerability in Jenkins Yaml Axis Plugin
CVE-2020-2172 unknown 4y ago XXE vulnerability in Jenkins Code Coverage API Plugin
CVE-2020-2173 unknown 4y ago XSS vulnerability in Jenkins Gatling Plugin
CVE-2020-2175 unknown 4y ago Stored XSS vulnerability in Jenkins FitNesse Plugin
CVE-2020-2174 unknown 4y ago Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
CVE-2020-2176 unknown 4y ago XSS vulnerability in Jenkins useMango Runner Plugin
CVE-2020-7009 unknown 4y ago Improper Privilege Management in Elasticsearch
CVE-2020-7599 unknown 4y ago Exposure of Sensitive Information in Gradle publish plugin
CVE-2020-2169 unknown 4y ago Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
CVE-2020-2171 unknown 4y ago XXE vulnerability in Jenkins RapidDeploy Plugin
CVE-2020-2168 unknown 4y ago RCE vulnerability in Jenkins Azure Container Service Plugin
CVE-2020-2162 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2161 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2170 unknown 4y ago Stored XSS vulnerability in Jenkins RapidDeploy Plugin
CVE-2020-2160 unknown 4y ago Cross-Site Request Forgery in Jenkins
CVE-2020-2164 unknown 4y ago Passwords stored in plain text by Jenkins Artifactory Plugin
CVE-2020-2165 unknown 4y ago Passwords transmitted in plain text by Jenkins Artifactory Plugin
CVE-2020-2163 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Jenkins
CVE-2020-2166 unknown 4y ago RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
CVE-2020-2157 unknown 4y ago Credentials transmitted in plain text by Skytap Cloud CI Plugin
CVE-2020-2158 unknown 4y ago Remote Code Execution vulnerability in Jenkins Literate Plugin
CVE-2020-2159 unknown 4y ago OS command injection in CryptoMove Plugin
CVE-2020-2148 unknown 4y ago Missing permission checks in Mac Plugin
CVE-2020-2153 unknown 4y ago Credentials transmitted in plain text by Backlog Plugin
CVE-2020-2156 unknown 4y ago Credentials transmitted in plain text by Jenkins DeployHub Plugin
CVE-2020-2155 unknown 4y ago Credentials transmitted in plain text by OpenShift Deployer Plugin
CVE-2020-2152 unknown 4y ago Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)
CVE-2020-2154 unknown 4y ago Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
CVE-2020-2146 unknown 4y ago Missing SSH host key validation in Mac Plugin
CVE-2020-2138 unknown 4y ago XXE vulnerability in Jenkins Cobertura Plugin
CVE-2020-2147 unknown 4y ago CSRF vulnerability in Mac Plugin
CVE-2020-2141 unknown 4y ago CSRF vulnerability in Jenkins P4 Plugin
CVE-2020-2149 unknown 4y ago Credentials transmitted in plain text by Repository Connector Plugin
CVE-2020-2143 unknown 4y ago Credentials transmitted in plain text by Jenkins Logstash Plugin
CVE-2020-2144 unknown 4y ago XXE vulnerability in Rundeck Plugin
CVE-2020-2142 unknown 4y ago Missing permission checks in Jenkins P4 Plugin
CVE-2020-2150 unknown 4y ago Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
CVE-2020-2145 unknown 4y ago Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
CVE-2020-2151 unknown 4y ago Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
CVE-2020-2140 unknown 4y ago XSS vulnerability in Jenkins Audit Trail Plugin
CVE-2020-2137 unknown 4y ago Stored XSS vulnerability in Jenkins Timestamper Plugin