Jenkins Fortify On Demand — known CVE vulnerabilities
Every CVE whose affected-product data names Jenkins Fortify On Demand, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-10449 — CVSS 8.8 (high): Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by…
CVE-2020-2204 — CVSS 5.4 (medium): A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect…
CVE-2020-2202 — CVSS 4.3 (medium): A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read…
CVE-2020-2203 — CVSS 4.3 (medium): A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the…