Jenkins Project Jenkins Mac Plugin vulnerabilities
3 known vulnerabilities affecting jenkins_project/jenkins_mac_plugin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-2146HIGHCVSS 7.4≥ unspecified, ≤ 1.1.02020-03-09
CVE-2020-2146 [HIGH] CWE-347 CVE-2020-2146: Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks.
cvelistv5nvd
CVE-2020-2147MEDIUMCVSS 4.3≥ unspecified, ≤ 1.1.02020-03-09
CVE-2020-2147 [MEDIUM] CWE-352 CVE-2020-2147: A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.
cvelistv5nvd
CVE-2020-2148MEDIUMCVSS 4.3≥ unspecified, ≤ 1.1.02020-03-09
CVE-2020-2148 [MEDIUM] CWE-863 CVE-2020-2148: A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Rea
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.
cvelistv5nvd