CVE-2020-2258: Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
jenkins	blue_ocean_plugin	—	—
jenkins	clearcase_release_plugin	—	—
jenkins	complexity_scatter_plot_plugin	—	—
jenkins	computer_queue_plugin	—	—
jenkins	copy_data_to_workspace_plugin	—	—
jenkins	custom_job_icon_plugin	—	—
jenkins	description_column_plugin	—	—
jenkins	elastest_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	health_advisor_by_cloudbees	<= 3.2.0	—
jenkins	health_advisor_by_cloudbees_plugin	—	—
jenkins	jenkins_controller_in_perfecto_plugin	—	—
jenkins	locked_files_report_plugin	—	—
jenkins	mailer_plugin	—	—
jenkins	mongodb_plugin	—	—
jenkins	pipeline_maven_integration_plugin	—	—
jenkins	radiator_view_plugin	—	—
jenkins	selection_tasks_plugin	—	—
jenkins	storable_configs_plugin	—	—
jenkins	validating_string_parameter_plugin	—	—
jenkins_project	jenkins_health_advisor_by_cloudbees_plugin	unspecified – 3.2.0	—