CVE-2020-2254 PUBLISHED CVSS 6.5 MEDIUM

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

EPSS 2.42% · 85.0th percentile

Risk Scores

CVSS v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 2.42% (85.0th percentile)

Affected Products

Vendor | Product | Versions
Maven | io.jenkins.blueocean:blueocean | 0
Jenkins project | Jenkins Blue Ocean Plugin | unspecified, 1.19.2
jenkins | blue_ocean | 0
