CVE-2020-2097

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Sounds Plugin version 0.5 and earlier

Description The issue allows attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins, due to a lack of permission checks in URLs performing form validation.

Recommendations For Jenkins Sounds Plugin version 0.5 and earlier, update to a version that includes the necessary permission checks to prevent arbitrary OS command execution.

Fix

Incorrect Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-285

Related Identifiers

CVE-2020-2097

GHSA-H8W6-C53G-53VV

Affected Products

Jenkins

Jenkins Sounds Plugin

CVE-2020-2097

Weakness Enumeration

Related Identifiers

Affected Products

References · 5