Privilege Escalation Vulnerability in Jenkins Gitlab Authentication Plugin
CVE-2020-2228
8.8 HIGH
Key Information:
- Vendor: Jenkins
- CVE Published: 15 July 2020
What is CVE-2020-2228?
The Jenkins Gitlab Authentication Plugin, versions 1.5 and earlier, does not adequately enforce group authorization checks. This oversight can potentially allow unauthorized users to escalate their privileges, leading to unauthorized access and control over Jenkins resources. It is crucial for users to upgrade to the latest version of the plugin to mitigate this vulnerability and secure their Jenkins environment.
Affected Version(s)
Jenkins Gitlab Authentication Plugin <= 1.5