CVE-2020-2228: Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.

Affected

13 ranges

Vendor	Product	Version range	Fixed in
apple	cups	>= 0 < 2.1.3-4ubuntu0.11	2.1.3-4ubuntu0.11
apple	cups	>= 0 < 2.2.7-1ubuntu2.8	2.2.7-1ubuntu2.8
apple	cups	>= 0 < 2.3.1-9ubuntu1.1	2.3.1-9ubuntu1.1
gitlab	gitlab	—	—
jenkins	deployer_framework_plugin	—	—
jenkins	gitlab_authentication	<= 1.5	—
jenkins	gitlab_authentication_plugin	—	—
jenkins	jenkins_core	—	—
jenkins	jenkins_lts	—	—
jenkins	jenkins_weekly	—	—
jenkins	matrix_authorization_strategy_plugin	—	—
jenkins	matrix_project_plugin	—	—
jenkins_project	jenkins_gitlab_authentication_plugin	unspecified – 1.5	—

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv5.5MEDIUM