cbcvebase.
CVE-2020-2285
published 2020-09-23

CVE-2020-2285: A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected

10 ranges
VendorProductVersion rangeFixed in
jenkinsemail_extension_plugin
jenkinsimplied_labels_plugin
jenkinsliquibase_changesets_evaluated_by_the_plugin
jenkinsliquibase_runner<= 1.4.7
jenkinsliquibase_runner_plugin
jenkinslockable_resources_plugin
jenkinsscript_security_plugin
jenkinswarnings_next_generation_plugin
jenkinswarnings_plugin
jenkins_projectjenkins_liquibase_runner_pluginunspecified – 1.4.7