← Back

Sounds

sounds

Vendor: Jenkins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-2098
1Jenkins
1Sounds
Nov 21, 2024
Jan 15, 2020
N/A· v4
8.8 HIGH· v3
9.3 HIGH· v2
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.
CVE-2020-2097
1Jenkins
1Sounds
Nov 21, 2024
Jan 15, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jen...Show more
Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins.Show less