OSV:GHSA-VC7G-4269-F7HW
May 24, 2022 - 5:28 p.m.

Missing permission check in Blue Ocean Plugin

2022-05-24 17:28:25
Google
osv.dev
Tags: blue ocean plugin, permission checks, http endpoints, connection tests

EPSS: 0.001 (percentile: 22.0%)

Updated 2020-09-16

This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it.

Original Description

Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests.

This allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.
