CVE-2020-2242

Name of the Vulnerable Software and Affected Versions Jenkins Database Plugin versions 1.6 and earlier

Description A missing permission check in the Jenkins Database Plugin allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. The issue is resolved in version 1.7, which requires Overall/Administer permission for the affected form validation method.

Recommendations For Jenkins Database Plugin versions 1.6 and earlier, update to version 1.7 or later to resolve the issue. As a temporary workaround, consider restricting Overall/Read access to Jenkins to minimize the risk of exploitation.