Severity: 4.3 MEDIUM
EPSS: 0.4% (top 37.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 2; Latest update May 24

Description

A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

🔴 Vulnerability Details

OSV
CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin (2022-05-24)
GHSA
CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin (2022-05-24)
CVEList
CVE-2020-2215: A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1 (2020-07-02)

💥 Exploits & PoCs

Exploit-DB
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection (2020-04-17)

📋 Vendor Advisories

CISA
Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability (2021-11-03)
CISA
Android Kernel Out-of-Bounds Write Vulnerability (2021-11-03)
CISA
Android Kernel Use-After-Free Vulnerability (2021-11-03)
Jenkins
Jenkins Security Advisory 2020-07-02 (2020-07-02)

🕵️ Threat Intelligence

Trendmicro
First Binder Exploit Linked to SideWinder APT Group (2020-01-06)