CVE-2020-2148

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Mac Plugin versions 1.1.0 and earlier

Description A missing permission check in the Jenkins Mac Plugin allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials.

Recommendations For Jenkins Mac Plugin versions 1.1.0 and earlier, consider restricting access to the plugin until a patch is available. As a temporary workaround, review and limit the use of Overall/Read permissions to minimize the risk of exploitation.

Fix

Incorrect Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-285

Related Identifiers

CVE-2020-2148

GHSA-2M74-X26C-G7XC

Affected Products

Jenkins

Jenkins Mabl Plugin

CVE-2020-2148

Weakness Enumeration

Related Identifiers

Affected Products

References · 8