CVE-2020-2286
published 2020-10-08
high, 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_choices_plugin | — | — |
| jenkins | audit_trail_plugin | — | — |
| jenkins | incorrect_default_pattern_in_audit_trail_plugin | — | — |
| jenkins | maven_cascade_release_plugin | — | — |
| jenkins | nerrvana_plugin | — | — |
| jenkins | persona_plugin | — | — |
| jenkins | release_plugin | — | — |
| jenkins | request_logging_could_be_bypassed_in_audit_trail_plugin | — | — |
| jenkins | role-based_authorization_strategy | <= 3.0 | — |
| jenkins | role-based_authorization_strategy_plugin | — | — |
| jenkins | shared_objects_plugin | — | — |
| jenkins | sms_notification_plugin | — | — |
| jenkins_project | jenkins_role-based_authorization_strategy_plugin | >= 2.12 < unspecified | unspecified |
| jenkins_project | jenkins_role-based_authorization_strategy_plugin | unspecified – 3.0 | — |