Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by barchart
CVE-2020-2294 (GCVE-0-2020-2294)
Vulnerability from cvelistv5 – Published: 2020-10-08 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-10-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/10/08/5 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Maven Cascade Release Plugin |
Affected:
unspecified , ≤ 1.3.2
(custom)
Unknown: next of 1.3.2 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Maven Cascade Release Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.3.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:43.020Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Maven Cascade Release Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.3.2"
},
{
"version_affected": "?\u003e",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2294",
"datePublished": "2020-10-08T12:40:28.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2295 (GCVE-0-2020-2295)
Vulnerability from cvelistv5 – Published: 2020-10-08 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-10-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/10/08/5 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Maven Cascade Release Plugin |
Affected:
unspecified , ≤ 1.3.2
(custom)
Unknown: next of 1.3.2 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Maven Cascade Release Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.3.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:44.150Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Maven Cascade Release Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.3.2"
},
{
"version_affected": "?\u003e",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2295",
"datePublished": "2020-10-08T12:40:28.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2294 (GCVE-0-2020-2294)
Vulnerability from nvd – Published: 2020-10-08 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-10-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/10/08/5 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Maven Cascade Release Plugin |
Affected:
unspecified , ≤ 1.3.2
(custom)
Unknown: next of 1.3.2 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Maven Cascade Release Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.3.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:43.020Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Maven Cascade Release Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.3.2"
},
{
"version_affected": "?\u003e",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2294",
"datePublished": "2020-10-08T12:40:28.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2295 (GCVE-0-2020-2295)
Vulnerability from nvd – Published: 2020-10-08 12:40 – Updated: 2024-08-04 07:01
VLAI
EPSS
VEX
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
Severity
No CVSS data available.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jenkins.io/security/advisory/2020-10-… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/10/08/5 | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins project | Jenkins Maven Cascade Release Plugin |
Affected:
unspecified , ≤ 1.3.2
(custom)
Unknown: next of 1.3.2 , < unspecified (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:01:41.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jenkins Maven Cascade Release Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "1.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.3.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:08:44.150Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"ID": "CVE-2020-2295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jenkins Maven Cascade Release Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.3.2"
},
{
"version_affected": "?\u003e",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049",
"refsource": "CONFIRM",
"url": "https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049"
},
{
"name": "[oss-security] 20201008 Multiple vulnerabilities in Jenkins plugins",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2020-2295",
"datePublished": "2020-10-08T12:40:28.000Z",
"dateReserved": "2019-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:01:41.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}