[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-2254":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":41,"duplicate_of":9,"upstream":43,"downstream":44,"duplicates":49,"related":50,"reserved_at":9,"published_at":51,"modified_at":52,"state":53,"summary":54,"references_raw":63,"kevs":94,"epss":95,"epss_history":98,"metrics":357,"affected":373},"CVE-2020-2254","Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.","weakness","Stable","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-126","Path Traversal",[],{"id":25,"name":26,"techniques":27},"CAPEC-64","Using Slashes and URL Encoding Combined to Bypass Validation Logic",[],{"id":29,"name":30,"techniques":31},"CAPEC-76","Manipulating Web Input to File System Calls",[],{"id":33,"name":34,"techniques":35},"CAPEC-78","Using Escaped Slashes in Alternate Encoding",[],{"id":37,"name":38,"techniques":39},"CAPEC-79","Using Slashes in Alternate Encoding",[],[],[42],"GHSA-vq7j-6pcq-f48p",[],[45,47],{"_key":46},"RHSA-2020:5102",{"_key":48},"RHSA-2020:4297",[],[],"2020-09-16T13:20:39.000Z","2024-08-04T07:01:41.187Z","Modified",{"cisa_kev":55,"cisa_ransomware":55,"cisa_vendor":9,"epss_severity":56,"epss_score":57,"severity":58,"severity_score":59,"severity_version":60,"severity_source":61,"severity_vector":62,"severity_status":53},false,"low",0.02419,"medium",6.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",[64,73,80,85,89],{"url":65,"sources":66,"tags":69},"https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956",[67,61,68],"cve.org","osv_maven",[70,71,72],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":74,"sources":75,"tags":76},"http://www.openwall.com/lists/oss-security/2020/09/16/3",[67,61,68],[77,78,79,72],"Mailing List","X Refsource MLIST","Third Party Advisory",{"url":81,"sources":82,"tags":83},"https://nvd.nist.gov/vuln/detail/CVE-2020-2254",[68],[84],"Advisory",{"url":86,"sources":87,"tags":88},"https://github.com/jenkinsci/blueocean-plugin/commit/f0dd4b68d62ac3c3c85012d6eb0c92bcebf85e12",[68],[72],{"url":90,"sources":91,"tags":92},"https://github.com/jenkinsci/blueocean-plugin",[68],[93],"PACKAGE",[],{"date":96,"score":57,"percentile":97},"2026-06-04",0.85398,[99,102,105,108,111,114,117,120,123,126,129,132,135,138,141,144,147,150,152,155,158,161,164,167,170,173,176,179,182,185,188,191,194,196,199,202,205,208,211,214,216,219,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,280,283,286,289,291,294,297,300,303,305,308,311,314,317,320,322,324,327,330,333,336,339,341,343,346,348,351,354],{"date":100,"score":57,"percentile":101},"2025-11-04",0.84569,{"date":103,"score":57,"percentile":104},"2025-11-05",0.84572,{"date":106,"score":57,"percentile":107},"2025-11-06",0.84575,{"date":109,"score":57,"percentile":110},"2025-11-07",0.84581,{"date":112,"score":57,"percentile":113},"2025-11-08",0.84586,{"date":115,"score":57,"percentile":116},"2025-11-09",0.84579,{"date":118,"score":57,"percentile":119},"2025-11-10",0.84577,{"date":121,"score":57,"percentile":122},"2025-11-11",0.84582,{"date":124,"score":57,"percentile":125},"2025-11-12",0.84592,{"date":127,"score":57,"percentile":128},"2025-11-13",0.84599,{"date":130,"score":57,"percentile":131},"2025-11-14",0.846,{"date":133,"score":57,"percentile":134},"2025-11-15",0.84594,{"date":136,"score":57,"percentile":137},"2025-11-16",0.84595,{"date":139,"score":57,"percentile":140},"2025-11-17",0.84585,{"date":142,"score":57,"percentile":143},"2025-11-18",0.83789,{"date":145,"score":57,"percentile":146},"2025-11-19",0.83792,{"date":148,"score":57,"percentile":149},"2025-11-20",0.83797,{"date":151,"score":57,"percentile":131},"2025-11-21",{"date":153,"score":57,"percentile":154},"2025-11-22",0.84597,{"date":156,"score":57,"percentile":157},"2025-11-23",0.84589,{"date":159,"score":57,"percentile":160},"2025-11-24",0.84587,{"date":162,"score":57,"percentile":163},"2025-11-25",0.84588,{"date":165,"score":57,"percentile":166},"2025-11-26",0.8459,{"date":168,"score":57,"percentile":169},"2025-11-27",0.84591,{"date":171,"score":57,"percentile":172},"2025-11-28",0.84573,{"date":174,"score":57,"percentile":175},"2025-11-29",0.84608,{"date":177,"score":57,"percentile":178},"2025-11-30",0.84609,{"date":180,"score":57,"percentile":181},"2025-12-01",0.84677,{"date":183,"score":57,"percentile":184},"2025-12-02",0.84679,{"date":186,"score":57,"percentile":187},"2025-12-03",0.8468,{"date":189,"score":57,"percentile":190},"2025-12-04",0.8461,{"date":192,"score":57,"percentile":193},"2025-12-05",0.84613,{"date":195,"score":57,"percentile":193},"2025-12-06",{"date":197,"score":57,"percentile":198},"2025-12-07",0.84605,{"date":200,"score":57,"percentile":201},"2025-12-08",0.84607,{"date":203,"score":57,"percentile":204},"2025-12-09",0.84619,{"date":206,"score":57,"percentile":207},"2025-12-10",0.84641,{"date":209,"score":57,"percentile":210},"2025-12-11",0.84646,{"date":212,"score":57,"percentile":213},"2025-12-12",0.84651,{"date":215,"score":57,"percentile":210},"2025-12-13",{"date":217,"score":57,"percentile":218},"2025-12-14",0.84647,{"date":220,"score":57,"percentile":210},"2025-12-15",{"date":222,"score":57,"percentile":223},"2025-12-16",0.84654,{"date":225,"score":57,"percentile":226},"2025-12-17",0.84658,{"date":228,"score":57,"percentile":229},"2025-12-18",0.84663,{"date":231,"score":57,"percentile":232},"2025-12-19",0.84669,{"date":234,"score":57,"percentile":235},"2025-12-20",0.84664,{"date":237,"score":57,"percentile":238},"2025-12-21",0.84667,{"date":240,"score":57,"percentile":241},"2025-12-22",0.84671,{"date":243,"score":57,"percentile":244},"2025-12-23",0.84675,{"date":246,"score":57,"percentile":247},"2025-12-24",0.84683,{"date":249,"score":57,"percentile":250},"2025-12-25",0.84698,{"date":252,"score":57,"percentile":253},"2025-12-26",0.847,{"date":255,"score":57,"percentile":256},"2025-12-27",0.84751,{"date":258,"score":57,"percentile":259},"2025-12-28",0.84691,{"date":261,"score":57,"percentile":262},"2025-12-29",0.84687,{"date":264,"score":57,"percentile":265},"2025-12-30",0.84693,{"date":267,"score":57,"percentile":268},"2025-12-31",0.84704,{"date":270,"score":57,"percentile":271},"2026-01-01",0.84769,{"date":273,"score":57,"percentile":274},"2026-01-02",0.84767,{"date":276,"score":57,"percentile":277},"2026-01-03",0.84762,{"date":279,"score":57,"percentile":259},"2026-01-04",{"date":281,"score":57,"percentile":282},"2026-01-05",0.84684,{"date":284,"score":57,"percentile":285},"2026-01-06",0.8469,{"date":287,"score":57,"percentile":288},"2026-01-07",0.84688,{"date":290,"score":57,"percentile":250},"2026-01-08",{"date":292,"score":57,"percentile":293},"2026-01-09",0.84702,{"date":295,"score":57,"percentile":296},"2026-01-10",0.84699,{"date":298,"score":57,"percentile":299},"2026-01-11",0.84697,{"date":301,"score":57,"percentile":302},"2026-01-12",0.84692,{"date":304,"score":57,"percentile":285},"2026-01-13",{"date":306,"score":57,"percentile":307},"2026-01-14",0.84709,{"date":309,"score":57,"percentile":310},"2026-01-15",0.84705,{"date":312,"score":57,"percentile":313},"2026-01-16",0.84713,{"date":315,"score":57,"percentile":316},"2026-01-17",0.84718,{"date":318,"score":57,"percentile":319},"2026-01-18",0.84716,{"date":321,"score":57,"percentile":307},"2026-01-19",{"date":323,"score":57,"percentile":313},"2026-01-20",{"date":325,"score":57,"percentile":326},"2026-01-21",0.84719,{"date":328,"score":57,"percentile":329},"2026-01-22",0.84723,{"date":331,"score":57,"percentile":332},"2026-01-23",0.84735,{"date":334,"score":57,"percentile":335},"2026-01-24",0.84744,{"date":337,"score":57,"percentile":338},"2026-01-25",0.84741,{"date":340,"score":57,"percentile":338},"2026-01-26",{"date":342,"score":57,"percentile":335},"2026-01-27",{"date":344,"score":57,"percentile":345},"2026-01-28",0.84748,{"date":347,"score":57,"percentile":256},"2026-01-29",{"date":349,"score":57,"percentile":350},"2026-01-30",0.84752,{"date":352,"score":57,"percentile":353},"2026-01-31",0.84753,{"date":355,"score":57,"percentile":356},"2026-02-01",0.84822,[358,368],{"source":61,"cvss_v2_0":359,"cvss_v3_0":9,"cvss_v3_1":364,"cvss_v4_0":9},{"baseScore":360,"baseSeverity":9,"vectorString":361,"impactScore":362,"exploitabilityScore":363},3.5,"AV:N/AC:M/Au:S/C:P/I:N/A:N",2.9,6.8,{"baseScore":59,"baseSeverity":365,"vectorString":62,"impactScore":366,"exploitabilityScore":367},"MEDIUM",6,7.2,{"source":68,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":369,"cvss_v4_0":9},{"baseScore":370,"baseSeverity":9,"vectorString":371,"impactScore":366,"exploitabilityScore":372},5.3,"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",4.1,[374,386,394],{"ecosystem":9,"name":375,"vendor":376,"product":377,"cpe_part":378,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"Jenkins Blue Ocean Plugin","jenkins project","jenkins blue ocean plugin","a",[380],{"version":381,"is_range":382,"range_type":67,"version_start":383,"version_start_type":384,"version_end":385,"version_end_type":384,"fixed_in":9},">= unspecified, \u003C= 1.23.2",true,"unspecified","including","1.23.2",{"ecosystem":9,"name":387,"vendor":388,"product":389,"cpe_part":378,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":390},"blue ocean","jenkins","blue_ocean",[391],{"version":392,"is_range":382,"range_type":393,"version_start":9,"version_start_type":9,"version_end":385,"version_end_type":384,"fixed_in":9},"lte1.23.2","cpe",{"ecosystem":395,"name":396,"vendor":397,"product":398,"cpe_part":9,"purl_type":399,"purl_namespace":397,"purl_name":398,"source":9,"versions":400},"Maven","io.jenkins.blueocean:blueocean","io.jenkins.blueocean","blueocean","maven",[401],{"version":402,"is_range":382,"range_type":403,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":405,"fixed_in":9},"lt1_23_3","ecosystem","1.23.3","excluding"]