Jenkins Health Advisor By Cloudbees vulnerabilities

CVE-2025-47885 [HIGH] CWE-79 CVE-2025-47885: Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses.

CVE-2020-2258 [MEDIUM] CWE-863 CVE-2020-2258: Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

CVE-2020-2093 [HIGH] CWE-352 CVE-2020-2093: A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and ear A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient.

CVE-2020-2094 [MEDIUM] CWE-862 CVE-2020-2094: A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows atta A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.