CVE-2020-2255
published 2020-09-16CVE-2020-2255: A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | blue_ocean | <= 1.23.2 | — |
| jenkins | blue_ocean_plugin | — | — |
| jenkins | clearcase_release_plugin | — | — |
| jenkins | complexity_scatter_plot_plugin | — | — |
| jenkins | computer_queue_plugin | — | — |
| jenkins | copy_data_to_workspace_plugin | — | — |
| jenkins | custom_job_icon_plugin | — | — |
| jenkins | description_column_plugin | — | — |
| jenkins | elastest_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | health_advisor_by_cloudbees_plugin | — | — |
| jenkins | jenkins_controller_in_perfecto_plugin | — | — |
| jenkins | locked_files_report_plugin | — | — |
| jenkins | mailer_plugin | — | — |
| jenkins | mongodb_plugin | — | — |
| jenkins | pipeline_maven_integration_plugin | — | — |
| jenkins | radiator_view_plugin | — | — |
| jenkins | selection_tasks_plugin | — | — |
| jenkins | storable_configs_plugin | — | — |
| jenkins | validating_string_parameter_plugin | — | — |
| jenkins_project | jenkins_blue_ocean_plugin | unspecified – 1.23.2 | — |