CVE-2020-2202
published 2020-07-02
Medium, 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cd_plugin | — | — |
| jenkins | compatibility_action_storage_plugin | — | — |
| jenkins | fortify_on_demand | <= 6.0.0 | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | github_coverage_reporter_plugin | — | — |
| jenkins | hp_alm_quality_center_plugin | — | — |
| jenkins | ids_in_fortify_on_demand_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | link_column_plugin | — | — |
| jenkins | slack_upload_plugin | — | — |
| jenkins | sonargraph_integration_plugin | — | — |
| jenkins | stash_branch_parameter_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | vncrecorder_plugin | — | — |
| jenkins | vncviewer_plugin | — | — |
| jenkins | zap_pipeline_plugin | — | — |
| jenkins | zephyr_for_jira_test_management_plugin | — | — |
| jenkins_project | jenkins_fortify_on_demand_plugin | unspecified – 6.0.0 | — |