CVE-2020-2203
published 2020-07-02
medium 4.3 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cd_plugin | — | — |
| jenkins | compatibility_action_storage_plugin | — | — |
| jenkins | fortify_on_demand | <= 5.0.1 | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | github_coverage_reporter_plugin | — | — |
| jenkins | hp_alm_quality_center_plugin | — | — |
| jenkins | ids_in_fortify_on_demand_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | link_column_plugin | — | — |
| jenkins | slack_upload_plugin | — | — |
| jenkins | sonargraph_integration_plugin | — | — |
| jenkins | stash_branch_parameter_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | vncrecorder_plugin | — | — |
| jenkins | vncviewer_plugin | — | — |
| jenkins | zap_pipeline_plugin | — | — |
| jenkins | zephyr_for_jira_test_management_plugin | — | — |
| jenkins_project | jenkins_fortify_on_demand_plugin | unspecified – 5.0.1 | — |