CSRF Vulnerability in Jenkins Pipeline Maven Integration Plugin
CVE-2020-2235

6.5MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Pipeline Maven Integration Plugin
Vendor
CVE Published:
12 August 2020

Summary

A cross-site request forgery (CSRF) flaw in Jenkins Pipeline Maven Integration Plugin versions 3.8.2 and earlier allows attackers to send unauthorized commands to the Jenkins server. By exploiting this vulnerability, an attacker can specify a malicious JDBC URL and utilize credentials IDs obtained through alternative means to gain unauthorized access, potentially resulting in the exposure of sensitive information stored in Jenkins.

Affected Version(s)

Jenkins Pipeline Maven Integration Plugin <= 3.8.2

References

https://jenkins.io/security/advisory/2020-08-12/#SECURITY...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/08/12/4
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.