Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-2320

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-03 Dec, 2020 | 15:55
Updated At-04 Aug, 2024 | 07:09
Rejected At-
Credits

Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:03 Dec, 2020 | 15:55
Updated At:04 Aug, 2024 | 07:09
Rejected At:
▼CVE Numbering Authority (CNA)

Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

Affected Products
Vendor
JenkinsJenkins project
Product
Jenkins Plugin Installation Manager Tool
Versions
Affected
  • From unspecified through 2.1.3 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/12/03/2
mailing-list
x_refsource_MLIST
Hyperlink: https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2020/12/03/2
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2020/12/03/2
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2020/12/03/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:03 Dec, 2020 | 16:15
Updated At:25 Oct, 2023 | 18:16

Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Jenkins
jenkins
>>installation_manager_tool>>Versions up to 2.1.3(inclusive)
cpe:2.3:a:jenkins:installation_manager_tool:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-494Primarynvd@nist.gov
CWE ID: CWE-494
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2020/12/03/2jenkinsci-cert@googlegroups.com
Third Party Advisory
https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856jenkinsci-cert@googlegroups.com
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2020/12/03/2
Source: jenkinsci-cert@googlegroups.com
Resource:
Third Party Advisory
Hyperlink: https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-1856
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

65Records found
CVE-2023-40254
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.5||HIGH
EPSS-0.04% / 11.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 06:08
Updated-10 Oct, 2024 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

Action-Not Available
Vendor-geniansGeniansgenians
Product-genian_nacgenian_ztnaGenian ZTNAGenian NAC V5.0Genian NAC V4.0Genian NAC Suite V5.0genian_nac
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2023-4041
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.59%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 04:09
Updated-03 Oct, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader.

Action-Not Available
Vendor-silabsSilicon Labssilabs
Product-gecko_bootloaderGecko Bootloadergecko_bootloader
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-913
Improper Control of Dynamically-Managed Code Resources
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-28332
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.84%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 18:23
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.

Action-Not Available
Vendor-barcon/a
Product-wepresent_wipg-1600wwepresent_wipg-1600w_firmwaren/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2022-24117
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.06% / 20.18%
||
7 Day CHG~0.00%
Published-26 Dec, 2022 | 00:00
Updated-12 Apr, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

Action-Not Available
Vendor-gen/a
Product-inet_900_firmwaresd4sd9td220x_firmwaresd9_firmwareinet_ii_900sd1sd1_firmwaretd220maxinet_ii_900_firmwaresd2_firmwareinet_900sd4_firmwaretd220max_firmwaresd2td220xn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2023-37220
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.06%
||
7 Day CHG~0.00%
Published-03 Sep, 2023 | 13:47
Updated-01 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Synel Terminals - CWE-494: Download of Code Without Integrity Check

Synel Terminals - CWE-494: Download of Code Without Integrity Check

Action-Not Available
Vendor-synelSynelsynel
Product-biolite-n2_firmwaresy-785sy-7500_firmwaresy-910_firmwaresy-777_firmwaresy-755sy-777sy-751_firmwaresy-755_firmwaresy-745synergy_5_firmwaresynergybioentry-w2_firmwaresy-715_firmwaresynergy\/x_firmwaresynergy_touchsynergy\/xsy-785_firmwarebioentry-w2sy-711sy-745_firmwaresy-910sy-765_firmwaresy-780_firmwarebioentry_p2synergy_firmwaresynergy_10sy-715biolite-n2bioentry_p2_firmwaresynergy\/asy-711_firmwaresynergy_10_firmwaresynergy\/a_firmwaresy110_face_firmwaresy-780sy-751sy-765sy110_facesy-7500synergy_touch_firmwaresynergy_5Terminalsterminals
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-22658
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 39.19%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to unauthorized image to be Boot as primary verified image.

Action-Not Available
Vendor-ruckuswirelessn/a
Product-zonedirector_3000zonedirector_1200_firmwaret300_firmwarescg200_firmwarer600sz-100_firmwarevszvsz_firmwarer310_firmwarer600_firmwarer500_firmwarezonedirector_1100r500zonedirector_5000t301szonedirector_1100_firmwaret301s_firmwarer310zonedirector_3000_firmwarezonedirector_5000_firmwaret300scg200sz-300_firmwaresz-100zonedirector_1200t301n_firmwaresz-300t301nn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-22654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.10%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 00:00
Updated-03 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass firmware image bad md5 checksum failed error.

Action-Not Available
Vendor-ruckuswirelessn/a
Product-zonedirector_3000zonedirector_1200_firmwaret300_firmwarescg200_firmwarer600sz-100_firmwarevszvsz_firmwarer310_firmwarer600_firmwarer500_firmwarezonedirector_1100r500zonedirector_5000t301szonedirector_1100_firmwaret301s_firmwarer310zonedirector_3000_firmwarezonedirector_5000_firmwaret300scg200sz-300_firmwaresz-100zonedirector_1200t301n_firmwaresz-300t301nn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-31355
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 13:09
Updated-21 Aug, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6_firmwareac6AC6 V5.0
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2025-28236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.80%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 00:00
Updated-22 Apr, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package to the /#/software/upgrades endpoint.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-19167
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.32%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 12:47
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tobesoft Nexacro14 ActiveX File Download Vulnerability

Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.

Action-Not Available
Vendor-tobesoftTobesoftMicrosoft Corporation
Product-windowsnexacroNexacro14
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2019-3801
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.07% / 22.05%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 20:17
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Java Projects using HTTP to fetch dependencies

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure protocol to fetch dependencies when building. A remote unauthenticated malicious attacker could hijack the DNS entry for the dependency, and inject malicious code into the component.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Cloud Foundry
Product-cf-deploymentcredhubuaa_releaseCredHubUAA Release (LTS)UAA Release (OSS)cf-deployment
CWE ID-CWE-494
Download of Code Without Integrity Check
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2024-45321
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-27 Aug, 2024 | 00:00
Updated-05 Dec, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers.

Action-Not Available
Vendor-app\n/aperl
Product-\n/acpanminus
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2023-27574
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.27%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.

Action-Not Available
Vendor-shadowsocksn/a
Product-shadowsocksx-ngn/a
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7826
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.23% / 46.04%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 15:01
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it.

Action-Not Available
Vendor-eyesurferBflysoft
Product-bflyinstallerx.ocxEyeSurfer BflyInstallerX.ocx
CWE ID-CWE-494
Download of Code Without Integrity Check
CVE-2020-7813
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.43%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 13:05
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.

Action-Not Available
Vendor-kaoniKaoni
Product-ezhttptransezHTTPTrans
CWE ID-CWE-494
Download of Code Without Integrity Check
  • Previous
  • 1
  • 2
  • Next
Details not found