CVE-2020-2258 — Incorrect Authorization in Project Jenkins Health Advisor BY Cloudbees Plugin

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 91.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Health Advisor BY Cloudbees Plugin Jenkins Health Advisor BY Cloudbees

Timeline

PublishedSep 16

Latest updateMay 24

Description

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_health_advisor_by_cloudbees_pluginunspecified — 3.2.0

▶NVDjenkins/health_advisor_by_cloudbees3.2.0

🔴Vulnerability Details

OSV

Incorrect permission check in Health Advisor by CloudBees Plugin↗2022-05-24

▶

GHSA

Incorrect permission check in Health Advisor by CloudBees Plugin↗2022-05-24

▶

CVEList

CVE-2020-2258: Jenkins Health Advisor by CloudBees Plugin 3↗2020-09-16

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-09-16↗2020-09-16

▶