CVE-2020-2104Incorrect Authorization in Project Jenkins

CWE-863Incorrect AuthorizationCWE-200Sensitive Information ExposureCWE-285Improper Authorization9 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project JenkinsJenkins
Timeline
PublishedJan 29
Latest updateMay 24

Description

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDjenkins/jenkins2.204.1+1
CVEListV5jenkins_project/jenkinsunspecified2.218+1

🔴Vulnerability Details

3
OSV
Memory usage graphs accessible to anyone with Overall/Read2022-05-24
GHSA
Memory usage graphs accessible to anyone with Overall/Read2022-05-24
CVEList
CVE-2020-2104: Jenkins 22020-01-29

📋Vendor Advisories

2
Red Hat
jenkins: Memory usage graphs accessible to anyone with Overall/Read2020-01-29
Jenkins
Jenkins Security Advisory 2020-01-292020-01-29

💬Community

2
Bugzilla
CVE-2020-2104 jenkins: Memory usage graphs accessible to anyone with Overall/Read [fedora-all]2020-01-31
Bugzilla
CVE-2020-2104 jenkins: Memory usage graphs accessible to anyone with Overall/Read2020-01-31
CVE-2020-2104 — Incorrect Authorization | cvebase