Cross-Site Request Forgery Vulnerability in Jenkins Self-Organizing Swarm Plugin
CVE-2020-2192
6.5 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 3 June 2020
Summary
A cross-site request forgery vulnerability exists in the Jenkins Self-Organizing Swarm Plug-in Modules Plugin version 3.20 and earlier. This flaw allows attackers to manipulate agent labels on Jenkins instances, potentially leading to unauthorized control over build agents and compromising the integrity of the continuous integration environment. To mitigate this risk, users are advised to upgrade to the latest version of the plugin and implement security best practices.
Affected Version(s)
Jenkins Self-Organizing Swarm Plug-in Modules Plugin <= 3.20
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: None
- Integrity: High
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved