CVE-2020-2273

2020-09-1614:15:14

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.7%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.

CPENameOperatorVersion
elastest-plugineqelastest-1.0-beta2
elastest-plugineqelastest-1.0.0-beta6
elastest-plugineqelastest-1.2.1
elastest-plugineqelastest-1.0.0-beta8
elastest-plugineqelastest-0.9.1-beta-2
elastest-plugineqelastest-0.9.1-beta-1
elastest-plugineqelastest-1.0-beta4
elastest-plugineqelastest-1.0.0
elastest-plugineqelastest-1.1.0
elastest-plugineqelastest-0.9.1-beta-4

Name	Operator	Version
elastest-plugin	eq	elastest-1.0-beta2
elastest-plugin	eq	elastest-1.0.0-beta6
elastest-plugin	eq	elastest-1.2.1
elastest-plugin	eq	elastest-1.0.0-beta8
elastest-plugin	eq	elastest-0.9.1-beta-2
elastest-plugin	eq	elastest-0.9.1-beta-1
elastest-plugin	eq	elastest-1.0-beta4
elastest-plugin	eq	elastest-1.0.0
elastest-plugin	eq	elastest-1.1.0
elastest-plugin	eq	elastest-0.9.1-beta-4