ID CVE-2020-2228
Summary Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:gitlab_authentication:0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.8.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.12:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.13:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.14:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.15:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.16:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.17:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.20:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.21:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.21.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.21.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.22:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.22.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.22.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.22.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.23:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.24:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.25:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.26:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.27:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.28:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.28.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.29:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.30:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.31:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.32:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:0.33:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.0.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:gitlab_authentication:1.5:*:*:*:*:jenkins:*:*
CVSS
Base: 6.5 (as of 19-10-2021 - 12:52)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792
mlist [oss-security] 20200715 Multiple vulnerabilities in Jenkins and Jenkins plugins
Last major update 19-10-2021 - 12:52
Published 15-07-2020 - 18:15
Last modified 19-10-2021 - 12:52