ID CVE-2020-2255
Summary A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta09:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta10:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta11:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta12:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta13:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta14:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta15:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta16:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta17:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta18:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta19:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta20:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta21:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta22:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta23:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta24:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:beta25:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:rc1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:rc2:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:rc3:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.0:rc4:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:-:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta1:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta2:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta3:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta4:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta5:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta6:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.0:beta7:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.5.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.6.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.7.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.8.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.8.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.8.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.8.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.10.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.10.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.10.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.11.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.13.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.14.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.15.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.15.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.16.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.17.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.18:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.18.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.19:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.19.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.21:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.22:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.22.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.23:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.23.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:blue_ocean:1.23.2:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 18-09-2020 - 13:29)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
redhat via4
rpms
  • containers-common-1:1.1.1-2.rhaos4.6.el8
  • jenkins-2-plugins-0:4.6.1601368321-1.el8
  • openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7
  • openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el8
  • openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el7
  • openshift-clients-redistributable-0:4.6.0-202010081244.p0.git.3794.4743d24.el8
  • podman-0:1.9.3-3.rhaos4.6.el8
  • podman-debuginfo-0:1.9.3-3.rhaos4.6.el8
  • podman-debugsource-0:1.9.3-3.rhaos4.6.el8
  • podman-docker-0:1.9.3-3.rhaos4.6.el8
  • podman-remote-0:1.9.3-3.rhaos4.6.el8
  • podman-remote-debuginfo-0:1.9.3-3.rhaos4.6.el8
  • podman-tests-0:1.9.3-3.rhaos4.6.el8
  • runc-0:1.0.0-81.rhaos4.6.git5b757d4.el7
  • runc-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el7
  • runc-debuginfo-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • runc-debugsource-0:1.0.0-81.rhaos4.6.git5b757d4.el8
  • skopeo-1:1.1.1-2.rhaos4.6.el8
  • skopeo-debuginfo-1:1.1.1-2.rhaos4.6.el8
  • skopeo-debugsource-1:1.1.1-2.rhaos4.6.el8
  • skopeo-tests-1:1.1.1-2.rhaos4.6.el8
  • jenkins-2-plugins-0:3.11.1603460090-1.el7
refmap via4
confirm https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1961
mlist [oss-security] 20200916 Multiple vulnerabilities in Jenkins plugins
Last major update 18-09-2020 - 13:29
Published 16-09-2020 - 14:15
Last modified 18-09-2020 - 13:29