Missing Permission Check in Jenkins Database Plugin Allows Unauthorized Database Access
CVE-2020-2242
6.5MEDIUM
What is CVE-2020-2242?
A vulnerability exists in the Jenkins Database Plugin up to version 1.6 due to a missing permission check. This flaw allows users with Overall/Read access to exploit the plugin, enabling them to connect to a database server specified by the attacker using any provided credentials. As a result, unauthorized users can gain access to sensitive database information, highlighting the importance of proper permission assignments and secure configurations in Jenkins environments.
Affected Version(s)
Jenkins database Plugin <= 1.6