CVE-2020-2254
published 2020-09-16CVE-2020-2254: Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | blue_ocean | <= 1.23.2 | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | clearcase_release_plugin | — | — |
| jenkins | complexity_scatter_plot_plugin | — | — |
| jenkins | computer_queue_plugin | — | — |
| jenkins | copy_data_to_workspace_plugin | — | — |
| jenkins | custom_job_icon_plugin | — | — |
| jenkins | description_column_plugin | — | — |
| jenkins | elastest_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | health_advisor_by_cloudbees_plugin | — | — |
| jenkins | jenkins_controller_in_perfecto_plugin | — | — |
| jenkins | locked_files_report_plugin | — | — |
| jenkins | mailer_plugin | — | — |
| jenkins | mongodb_plugin | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | radiator_view_plugin | — | — |
| jenkins | selection_tasks_plugin | — | — |
| jenkins | storable_configs_plugin | — | — |
| jenkins | validating_string_parameter_plugin | — | — |
| jenkins_project | jenkins_blue_ocean_plugin | unspecified – 1.23.2 | — |