CVE-2020-2215
published 2020-07-02CVE-2020-2215: A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cd_plugin | — | — |
| jenkins | compatibility_action_storage_plugin | — | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | github_coverage_reporter_plugin | — | — |
| jenkins | hp_alm_quality_center_plugin | — | — |
| jenkins | ids_in_fortify_on_demand_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | link_column_plugin | — | — |
| jenkins | slack_upload_plugin | — | — |
| jenkins | sonargraph_integration_plugin | — | — |
| jenkins | stash_branch_parameter_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | vncrecorder_plugin | — | — |
| jenkins | vncviewer_plugin | — | — |
| jenkins | zap_pipeline_plugin | — | — |
| jenkins | zephyr_for_jira_test_management | <= 1.5 | — |
| jenkins | zephyr_for_jira_test_management_plugin | — | — |
| jenkins_project | jenkins_zephyr_for_jira_test_management_plugin | unspecified – 1.5 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cisa7.8HIGH