5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
64.8%
The Matrix Project is a module which handles creating Jenkins multi-configuration projects (matrix projects). Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually.
Python-RSA is a RSA implementation in Python. It can be used as a Python library as well as the commandline utility.
Security Fix(es):
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips (CVE-2020-2224)
jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips (CVE-2020-2225)
jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin (CVE-2020-2226)
python-rsa: decryption of ciphertext leads to DoS (CVE-2020-13757)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | python2-rsa | < 4.5-1.el7 | python2-rsa-4.5-1.el7.noarch.rpm |
RedHat | 7 | noarch | jenkins-2-plugins | < 4.5.1596698303-1.el7 | jenkins-2-plugins-4.5.1596698303-1.el7.noarch.rpm |
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
64.8%