CVE-2020-2255
Aliases:GHSA-vc7g-4269-f7hw
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 16 Sept 2020, 13:20
Last modified:04 Aug 2024, 07:01
Vulnerability Summary
Overall Risk (default)
low
17/100 CVSS Score
4.3 MEDIUM
v3.1 (nvd)
EPSS Score
0.06% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Sept 2020, 13:20
Published
Vulnerability first disclosed
04 Aug 2024, 07:01
Last Modified
Vulnerability information updated
Description
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.06%• Percentile: 19%
Techniques & Countermeasures
- CWE-862•Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Affected Systems
- jenkins project•jenkins blue ocean plugin
≥ unspecified, ≤ 1.23.2
- jenkins•blue_ocean
≤ 1.23.2
- io.jenkins.blueocean•blueocean
< 1.23.3