CVE-2020-2302

CWE-862Missing Authorization6 documents6 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 91.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Active Directory PluginJenkins Active Directory
Timeline
PublishedNov 4
Latest updateMay 24

Description

A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_active_directory_pluginunspecified2.19

🔴Vulnerability Details

3
OSV
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page2022-05-24
GHSA
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page2022-05-24
CVEList
CVE-2020-2302: A missing permission check in Jenkins Active Directory Plugin 22020-11-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-11-042020-11-04

💬Community

1
Bugzilla
CVE-2020-13802 rebar3: OS command injection via URL parameter of dependency specification2020-09-02
CVE-2020-2302 (MEDIUM CVSS 4.3) | A missing permission check in Jenki | cvebase.io