cbcvebase.
CVE-2020-2118
published 2020-02-12

CVE-2020-2118: A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Affected

24 ranges
VendorProductVersion rangeFixed in
jenkinsapplatix_plugin
jenkinsbmc_release_package_and_deployment_plugin
jenkinsdigitalocean_plugin
jenkinsdynamic_extended_choice_parameter_plugin
jenkinseagle_tester_plugin
jenkinsecx_copy_data_management_plugin
jenkinsfitnesse_plugin
jenkinsgit_parameter_plugin
jenkinsgoogle_kubernetes_engine_plugin
jenkinsgroovy_plugin
jenkinsharvest_scm_plugin
jenkinsids_in_pipeline_github_notify_step_plugin
jenkinsids_to_allow_users_configuring_the_plugin
jenkinsnunit_plugin
jenkinsparasoft_environment_manager_plugin
jenkinspipeline_github_notify_step<= 1.0.4
jenkinspipeline_github_notify_step_plugin
jenkinsradargun_plugin
jenkinss3_publisher_plugin
jenkinssandbox_protection_in_script_security_plugin
jenkinsscript_security_plugin
jenkinssubversion_plugin
jenkinsyaml_input_files_to_google_kubernetes_engine_plugin
jenkins_projectjenkins_pipeline_github_notify_step_pluginunspecified – 1.0.4