Missing Permission Check in Jenkins P4 Plugin by Jenkins
CVE-2020-2142
4.3 MEDIUM
Summary
Jenkins P4 Plugin versions up to and including 1.10.10 are missing a permission check, which allows users with Overall/Read permission to trigger builds without proper authorization. This poses a significant security risk, as unauthorized individuals could execute builds, potentially leading to the manipulation of code or the introduction of malware into the build pipeline. It is critical for users to apply patches and manage permissions effectively to safeguard their Jenkins environments.
Affected Version(s)
Jenkins P4 Plugin <= 1.10.10
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved