PT-2020-15483 · Cloudbees+1 · Jenkins Health Advisor By Cloudbees Plugin+1
Matt Sicker · Published 2020-09-16 · Updated 2023-10-25 · CVE-2020-2258
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Health Advisor by CloudBees Plugin versions 3.2.0 and earlier
Description
An incorrect permission check in an HTTP endpoint allows attackers with Overall/Read permission to view that endpoint, which includes an administrative configuration page.
Recommendations
For Jenkins Health Advisor by CloudBees Plugin versions 3.2.0 and earlier, update to version 3.2.1 or later, which requires Overall/Administer permission to view the administrative configuration page, thus mitigating the issue.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Health Advisor By Cloudbees Plugin