CVE-2020-2306
published 2020-11-04CVE-2020-2306: A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | authentication_cache_in_active_directory_plugin | — | — |
| jenkins | aws_global_configuration_plugin | — | — |
| jenkins | azure_key_vault_plugin | — | — |
| jenkins | findbugs_plugin | — | — |
| jenkins | ids_in_azure_key_vault_plugin | — | — |
| jenkins | jenkins-ci_plugin | — | — |
| jenkins | kubernetes_plugin | — | — |
| jenkins | mail_commander_plugin | — | — |
| jenkins | mercurial | <= 2.11 | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | sqlplus_script_runner_plugin | — | — |
| jenkins | static_analysis_utilities_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | visualworks_store_plugin | — | — |
| jenkins | vmware_lab_manager_slaves_plugin | — | — |
| jenkins_project | jenkins_mercurial_plugin | unspecified – 2.11 | — |