CVE-2020-2216
published 2020-07-02CVE-2020-2216: A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | cd_plugin | — | — |
| jenkins | compatibility_action_storage_plugin | — | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | github_coverage_reporter_plugin | — | — |
| jenkins | hp_alm_quality_center_plugin | — | — |
| jenkins | ids_in_fortify_on_demand_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | link_column_plugin | — | — |
| jenkins | slack_upload_plugin | — | — |
| jenkins | sonargraph_integration_plugin | — | — |
| jenkins | stash_branch_parameter_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | vncrecorder_plugin | — | — |
| jenkins | vncviewer_plugin | — | — |
| jenkins | zap_pipeline_plugin | — | — |
| jenkins | zephyr_for_jira_test_management | <= 1.5 | — |
| jenkins | zephyr_for_jira_test_management_plugin | — | — |
| jenkins_project | jenkins_zephyr_for_jira_test_management_plugin | unspecified – 1.5 | — |