Cross-Site Request Forgery in Jenkins P4 Plugin Affects Multiple Versions
CVE-2020-2141

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins P4 Plugin
Vendor: CVE Published:; 9 March 2020

Summary

A cross-site request forgery vulnerability in Jenkins P4 Plugin permits unauthorized remote attackers to initiate builds or modify labels in Perforce without sufficient user consent. This vulnerability affects versions up to 1.10.10 and represents a risk to the integrity of automated build processes.

Affected Version(s)

Jenkins P4 Plugin <= 1.10.10

References

https://jenkins.io/security/advisory/2020-03-09/#SECURITY...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2020/03/09/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2020
Vulnerability Reserved
Dec 5, 2019