Type Jenkins Plugin

Timeline

Analyzing the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be divided into multiple forms and levels of remediation, which influence risk differently.

Exploitability »

Researchers and attackers who are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

To approach a vulnerability, it is important to use the expected access vector. This is typically via the network, locally, or even physically.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it was distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as either offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (325): 360 FireLine Plugin, Absint Astree Plugin, AccuRev Plugin, Active Choices Plugin, Active Directory Plugin, Agiletestware Pangolin Connector for TestRail Plugin, Alauda DevOps Pipeline Plugin, Amazon EC2 Plugin, Amazon SNS Build Notifier Plugin, Android Lint Plugin, Ansible Plugin, Ansible Tower Plugin, Ant Plugin, Applatix Plugin, AppSpider Plugin, Aqua MicroScanner Plugin, Aqua Security Serverless Scanner Plugin, Arquillian Steps Plugin, Artifactory Plugin, Assembla Auth Plugin, Assembla Plugin, Audit to Database Plugin, Audit Trail Plugin, Avatar Plugin, aws-device-farm Plugin, AWSEB Deployment Plugin, AWS CloudWatch Logs Publisher Plugin, AWS CodeBuild Plugin, AWS CodeDeploy Plugin, AWS CodePipeline Plugin, AWS Elastic Beanstalk Publisher Plugin, AWS SAM Plugin, Azure AD Plugin, Azure Event Grid Build Notifier Plugin, Azure PublisherSettings Credentials Plugin, Azure VM Agents Plugin, Backlog Plugin, Badge Plugin, Beaker Builder Plugin, Bitbucket Approve Plugin, Bitbucket OAuth Plugin, Black Duck Detect Plugin, Black Duck Hub Plugin, Blue Ocean Plugin, BMC Release Package, Brakeman Plugin, build-metrics Plugin, Build-Publisher Plugin, buildgraph-view Plugin, Build Environment Plugin, Build Failure Analyzer Plugin, Build Pipeline Plugin, Bumblebee HP ALM Plugin, Cadence vManager Plugin, Caliper CI Plugin, Call Remote Job Plugin, CAS Plugin, CCM Plugin, Checkstyle Plugin, Chef Sinatra Plugin, chosen-views-tabbar Plugin, ClearCase Release Plugin, CloudCoreo DeployTime Plugin, Cobertura Plugin, Codefresh Integration Plugin, CodeScan Plugin, CollabNet Plugin, Compact Columns Plugin, Compatibility Action Storage Plugin, computer-queue-plugin, Configuration as Code Plugin, Config File Provider Plugin, Confluence Publisher Plugin, Copr Plugin, Copy Artifact Plugin, Copy Data to Workspace Plugin, Copy To Slave Plugin, couchdb-statistics Plugin, Coverage-Complexity Scatter Plot Plugin, Coverity Plugin, CppNCSS Plugin, Credentials Binding Plugin, 
Credentials Plugin, crittercism-dsym Plugin, Crowd 2 Integration Plugin, Crowd 2 Intergration Plugin, Crowd Integration Plugin, CRX Content Package Deployer Plugin, CryptoMove Plugin, Cucumber Living Documentation Plugin, Custom Job Icon Plugin, CVS Plugin, Dashboard View Plugin, Database Plugin, Data Theorem CI-CD Plugin, Debian Package Builder Plugin, Delivery Pipeline Plugin, Delphix Plugin, Dependency Graph Viewer Plugin, Deployer Framework Plugin, DeployHub Plugin, Deployment Plugin, Description Column Plugin, Diawi Upload Plugin, DigitalOcean Plugin, Dingding Plugin, Distributed Fork Plugin, DRY Plugin, Dynamic Extended Choice Parameter Plugin, Dynatrace Application Monitoring Plugin, Eagle Tester Plugin, ECS Publisher Plugin, ECX Copy Data Management Plugin, eggPlant Plugin, ElasTest Plugin, ElasticBox CI Plugin, ElectricFlow Plugin, elOyente Plugin, Email Extension Plugin, Email Extension Template Plugin, Embeddable Build Status Plugin, Extended Choice Parameter Plugin, Extra Columns Plugin, Fabric Beta Publisher Plugin, Favorite Plugin, FindBugs Plugin, FitNesse Plugin, Flaky Test Handler Plugin, Fortify CloudScan Plugin, Fortify on Demand Plugin, Fortify on Demand Uploader Plugin, Fortify Plugin, FTP Publisher Plugin, Gatling Plugin, Gearman Plugin, Gem Publisher Plugin, Gerrit Trigger Plugin, Gitea Plugin, global-build-stats Plugin, Global Post Script Plugin, Gogs Plugin, Google Compute Engine Plugin, Google Login Plugin, Google OAuth Credentials Plugin, Google Play Android Publisher Plugin, Groovy Plugin, Groovy Postbuild Plugin, Health Advisor by CloudBees Plugin, Hipchat Plugin, HockeyApp Plugin, HP ALM Quality Center Plugin, HTML Publisher Plugin, Hyper.sh Commons Plugin, iceScrum Plugin, Implied Labels Plugin, Inedo BuildMaster Plugin, Inedo ProGet Plugin, InfluxDB Plugin, Jabber Server Plugin, JClouds Plugin, JenkinsAppDynamics Dashboard Plugin, jira-ext Plugin, Jira Issue Updater Plugin, Jira Plugin, JMS Messaging Plugin, Job, Job Config History 
Plugin, Job Import Plugin, JSGames Plugin, JUnit Plugin, JX Resources Plugin, Kanboard Plugin, Klaros-Testmanagement Plugin, Klocwork Analysis Plugin, Kmap Plugin, Koji Plugin, Link Column Plugin, Liquibase Runner Plugin, Literate Plugin, Lockable Resources Plugin, Logstash Plugin, Log Parser Plugin, mabl Plugin, Mac Plugin, Mailer Plugin, Mail Commander Plugin for Jenkins-ci Plugin, Mashup Portlets Plugin, Mask Passwords Plugin, Matrix Authorization Strategy Plugin, Mattermost Notification Plugin, Maven Artifact ChoiceListProvider Plugin, Maven Cascade Release Plugin, Maven Integration Plugin, Maven Plugin, Maven Release Plugin, meliora-testlab Plugin, Mercurial Plugin, Mesos Plugin, Minio Storage Plugin, Mission Control Plugin, Monitoring plugin, Multijob Plugin, NeoLoad Plugin, Nerrvana Plugin, NeuVector Vulnerability Scanner Plugin, Node Ownership Plugin, Nomad Plugin, NUnit Plugin, OctopusDeploy Plugin, Official OWASP ZAP Plugin, ontrack Plugin, OpenId Connect Authentication Plugin, openid Plugin, Open STF Plugin, P4 Plugin, PAM Authentication Plugin, Parameterized Remote Trigger Plugin, Parasoft Environment Manager Plugin, Parasoft Findings Plugin, PegDown Formatter Plugin, Perfecto Mobile Plugin, Perfecto Plugin, Perforce Plugin, Persona Plugin, Pipeline Aggregator View Plugin, Pipeline: AWS Steps Plugin, Pipeline: Classpath Step Plugin, Pipeline Groovy Plugin, Pipeline Maven Integration Plugin, Pipeline Remote Loader Plugin, Pipeline: Supporting APIs Plugin, Play Framework Plugin, PMD Plugin, Port Allocator Plugin, Promoted Builds Plugin, PRQA Plugin, Publisher Over CIFS Plugin, Quality Gates Plugin, Queue Cleanup Plugin, RadarGun Plugin, Radiator View Plugin, RapidDeploy Plugin, Rebuilder Plugin, Release Plugin, Relution Enterprise Appstore Publisher Plugin, Repository Connector Plugin, Resource Disposer Plugin, Robert Sandell and Tomas Westling Build Failure Analyzer Plugin, Robot Framework Plugin, Role-based Authorization Strategy Plugin, Rundeck Plugin, 
S3 Plugin, S3 publisher Plugin, SaltStack Plugin, Sametime Plugin, SAML Plugin, Script Security Plugin, SCTMExecutor Plugin, Selection tasks Plugin, Selenium Plugin, Self-Organizing Swarm Plug-in Modules Plugin, Serena SRA Deploy Plugin, Shared Groovy Libraries Plugin, Shared Objects Plugin, Simple Travis Pipeline Runner Plugin, SiteMonitor Plugin, SMS Notification Plugin, SOASTA CloudTest Plugin, Sonargraph Integration Plugin, SonarQube Scanner Plugin, Sonarsource Jenkins Plugin, Sonar Gerrit Plugin, Sounds Plugin, SourceGear Vault Plugin, Speaks! Plugin, Spira Importer Plugin, StarTeam Plugin, Stash Branch Parameter Plugin, Static Analysis Utilities Plugin, Storable Configs Plugin, Subversion Partial Release Manager Plugin, Subversion Plugin, Subversion Release Manager Plugin, Support Core Plugin, Swarm Plugin Client, TAP Plugin, Team Concert Plugin, Team Foundation Server, TestFairy Plugin, TestLink Plugin, Timestamper Plugin, Tinfoil Security Plugin, Token Macro Plugin, TraceTronic ECU-TEST Plugin, Trac Publisher Plugin, Translation Assistance Plugin, Upload to pgyer Plugin, URLTrigger Plugin, useMango Runner Plugin, Valgrind Plugin, Validating String Parameter Plugin, veracode-scanner Plugin, vFabric Application Director Plugin, Visualizer Plugin, Visualworks Store Plugin, VMware Lab Manager Slaves Plugin, VncRecorder Plugin, VncViewer Plugin, vSphere Plugin, VS Team Services Continuous Deployment Plugin, Wall Display Plugin, Warnings Next Generation Plugin, Warnings NG Plugin, Warnings Plugin, WebSphere Deployer Plugin, Weibo Plugin, White Source Plugin, XebiaLabs XL Deploy Plugin, XL TestView Plugin, Yaml Axis Plugin, youtrack-plugin Plugin, ZAP Pipeline Plugin, Zephyr Enterprise Test Management Plugin, zOS Connector Plugin, Zulip Plugin

| Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 11/04/2020 | 3.5 | 3.5 | VMware Lab Manager Slaves Plugin credentials storage | VMware Lab Manager Slaves Plugin | Not Defined | Not Defined | 0.06 | CVE-2020-2319 |
| 11/04/2020 | 3.5 | 3.5 | Mail Commander Plugin for Jenkins-ci Plugin credentials storage | Mail Commander Plugin for Jenkins-ci Plugin | Not Defined | Not Defined | 0.08 | CVE-2020-2318 |
| 11/04/2020 | 3.5 | 3.5 | FindBugs Plugin Tooltip cross site scripting | FindBugs Plugin | Not Defined | Not Defined | 0.04 | CVE-2020-2317 |
| 11/04/2020 | 3.5 | 3.5 | Static Analysis Utilities Plugin Tooltip Configure cross site scripting | Static Analysis Utilities Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2316 |
| 11/04/2020 | 5.5 | 5.5 | Visualworks Store Plugin XML Parser xml external entity reference | Visualworks Store Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2315 |
| 11/04/2020 | 3.5 | 3.5 | AppSpider Plugin Configuration File credentials storage | AppSpider Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2314 |
| 11/04/2020 | 3.5 | 3.5 | Ansible Plugin authorization | Ansible Plugin | Not Defined | Not Defined | 0.04 | CVE-2020-2310 |
| 11/04/2020 | 3.5 | 3.5 | Mercurial Plugin Installation authorization | Mercurial Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2306 |
| 11/04/2020 | 5.5 | 5.5 | Mercurial Plugin XML Parser xml external entity reference | Mercurial Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2305 |
| 11/04/2020 | 5.5 | 5.5 | Subversion Plugin XML Parser xml external entity reference | Subversion Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2304 |
| 11/04/2020 | 3.5 | 3.5 | Active Directory Plugin cross-site request forgery | Active Directory Plugin | Not Defined | Not Defined | 0.06 | CVE-2020-2303 |
| 11/04/2020 | 5.5 | 5.5 | Active Directory Plugin Domain Health Check Diagnostic Page authorization | Active Directory Plugin | Not Defined | Not Defined | 0.06 | CVE-2020-2302 |
| 11/04/2020 | 6.3 | 6.3 | Active Directory Plugin Windows ADSI Mode improper authentication | Active Directory Plugin | Not Defined | Not Defined | 0.06 | CVE-2020-2301 |
| 11/04/2020 | 6.3 | 6.3 | Active Directory Plugin Windows ADSI Mode improper authentication | Active Directory Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2300 |
| 11/04/2020 | 6.3 | 6.3 | Active Directory Plugin improper authentication | Active Directory Plugin | Not Defined | Not Defined | 0.04 | CVE-2020-2299 |
| 10/08/2020 | 6.0 | 6.0 | Nerrvana Plugin XML Parser xml external entity reference | Nerrvana Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2298 |
| 10/08/2020 | 3.4 | 3.4 | SMS Notification Plugin Global Configuration cleartext storage | SMS Notification Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2297 |
| 10/08/2020 | 3.9 | 3.9 | Shared Objects Plugin Shared Object cross-site request forgery | Shared Objects Plugin | Not Defined | Not Defined | 0.06 | CVE-2020-2296 |
| 10/08/2020 | 5.0 | 5.0 | Maven Cascade Release Plugin cross-site request forgery | Maven Cascade Release Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2295 |
| 10/08/2020 | 6.0 | 6.0 | Maven Cascade Release Plugin Permission Check authorization | Maven Cascade Release Plugin | Not Defined | Not Defined | 0.07 | CVE-2020-2294 |
| 10/08/2020 | 5.0 | 5.0 | Persona Plugin Permission path traversal | Persona Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2293 |
| 10/08/2020 | 4.4 | 4.4 | Release Plugin Badge Tooltip cross site scripting | Release Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2292 |
| 10/08/2020 | 3.4 | 3.4 | couchdb-statistics Plugin Global Configuration cleartext storage | couchdb-statistics Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2291 |
| 10/08/2020 | 4.4 | 4.4 | Active Choices Plugin Sandbox cross site scripting | Active Choices Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2290 |
| 10/08/2020 | 4.4 | 4.4 | Active Choices Plugin cross site scripting | Active Choices Plugin | Not Defined | Not Defined | 0.00 | CVE-2020-2289 |