GoogleOSV:CVE-2020-2255

HistorySep 16, 2020 - 2:15 p.m.

CVE-2020-2255

2020-09-1614:15:13

Google

osv.dev

jenkins

blue ocean plugin

permission check

attackers

overall/read permission

url connection

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

References

www.openwall.com/lists/oss-security/2020/09/16/3

www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961