CVE-2020-2234

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-2234

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2234.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-2234

Aliases

GHSA-mrr8-fcg7-p2wg

Published

2020-08-12T14:15:13Z

Modified

2024-09-03T03:21:46.132583Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

References

Affected packages

Git / github.com/jenkinsci/pipeline-maven-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/pipeline-maven-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

f7aafabac1b2a56847b13b729c8dc9624e5fb6a1

Affected versions

pipeline-maven-0.*

pipeline-maven-0.1-beta

pipeline-maven-0.2

pipeline-maven-0.3

pipeline-maven-0.4

pipeline-maven-0.5

pipeline-maven-2.*

pipeline-maven-2.3.0-beta-1

pipeline-maven-2.3.1-beta-1

pipeline-maven-2.4.0-beta-1

pipeline-maven-2.4.0-beta-2

pipeline-maven-2.5.0-alpha-1

pipeline-maven-3.*

pipeline-maven-3.0.0

pipeline-maven-3.0.0-beta-1

pipeline-maven-3.0.0-beta-2

pipeline-maven-3.0.0-beta-3

pipeline-maven-3.0.0-beta-4

pipeline-maven-3.0.0-beta-5

pipeline-maven-3.0.0-beta-6

pipeline-maven-3.0.1

pipeline-maven-3.0.1-beta-1

pipeline-maven-3.0.1-beta-2

pipeline-maven-3.0.2

pipeline-maven-3.0.3

pipeline-maven-3.0.3-beta-1

pipeline-maven-3.0.3-beta-2

pipeline-maven-3.0.4

pipeline-maven-3.0.5

pipeline-maven-3.0.6

pipeline-maven-3.0.6-beta-1

pipeline-maven-3.0.7

pipeline-maven-3.1.0

pipeline-maven-3.1.0-beta-1

pipeline-maven-3.2.0

pipeline-maven-3.2.0-alpha-1

pipeline-maven-3.2.0-alpha-2

pipeline-maven-3.2.1

pipeline-maven-3.2.1-beta-1

pipeline-maven-3.3.0

pipeline-maven-3.3.1

pipeline-maven-3.3.1-beta-1

pipeline-maven-3.3.1-beta-2

pipeline-maven-3.3.2

pipeline-maven-3.4.0

pipeline-maven-3.4.0-beta-1

pipeline-maven-3.4.1

pipeline-maven-3.4.2

pipeline-maven-3.4.3

pipeline-maven-3.5.0

pipeline-maven-3.5.0-beta-1

pipeline-maven-3.5.1

pipeline-maven-3.5.1-beta-1

pipeline-maven-3.5.10

pipeline-maven-3.5.11

pipeline-maven-3.5.12

pipeline-maven-3.5.12-beta-1

pipeline-maven-3.5.12-beta-2

pipeline-maven-3.5.12-beta-3

pipeline-maven-3.5.12-beta-4

pipeline-maven-3.5.13

pipeline-maven-3.5.14

pipeline-maven-3.5.15

pipeline-maven-3.5.15-beta-1

pipeline-maven-3.5.15-beta-2

pipeline-maven-3.5.15-beta-4

pipeline-maven-3.5.2

pipeline-maven-3.5.3

pipeline-maven-3.5.4

pipeline-maven-3.5.4-beta-1

pipeline-maven-3.5.5

pipeline-maven-3.5.6

pipeline-maven-3.5.7

pipeline-maven-3.5.7-beta-1

pipeline-maven-3.5.8

pipeline-maven-3.5.8-beta-1

pipeline-maven-3.5.9

pipeline-maven-3.6.0

pipeline-maven-3.6.0-beta-1

pipeline-maven-3.6.0-beta-2

pipeline-maven-3.6.1

pipeline-maven-3.6.10

pipeline-maven-3.6.11

pipeline-maven-3.6.12

pipeline-maven-3.6.13

pipeline-maven-3.6.14

pipeline-maven-3.6.15-beta-1

pipeline-maven-3.6.2

pipeline-maven-3.6.3

pipeline-maven-3.6.4

pipeline-maven-3.6.4-beta-1

pipeline-maven-3.6.5

pipeline-maven-3.6.5-beta-1

pipeline-maven-3.6.6

pipeline-maven-3.6.6-beta-1

pipeline-maven-3.6.6-beta-2

pipeline-maven-3.6.6-beta-3

pipeline-maven-3.6.6-beta-4

pipeline-maven-3.6.7

pipeline-maven-3.6.8

pipeline-maven-3.6.8-beta-1

pipeline-maven-3.6.8-beta-2

pipeline-maven-3.6.9

pipeline-maven-3.7.0

pipeline-maven-3.7.0-beta-1

pipeline-maven-3.7.1

pipeline-maven-3.8.0

pipeline-maven-3.8.1

pipeline-maven-3.8.2

pipeline-maven-parent-2.*

pipeline-maven-parent-2.0

pipeline-maven-parent-2.0-beta-3

pipeline-maven-parent-2.0-beta-4

pipeline-maven-parent-2.0-beta-5

pipeline-maven-parent-2.0-beta-6

pipeline-maven-parent-2.0-beta-7

pipeline-maven-parent-2.0.1

pipeline-maven-parent-2.0.2

pipeline-maven-parent-2.0.3

pipeline-maven-parent-2.1.0

pipeline-maven-parent-2.1.0-beta-1

pipeline-maven-parent-2.1.1-beta-1

pipeline-maven-parent-2.2.0

pipeline-maven-parent-2.2.1

pipeline-maven-parent-2.3.0

pipeline-maven-parent-2.3.1

pipeline-maven-parent-2.4.0

pipeline-maven-parent-2.5.0

pipeline-maven-parent-2.5.1

pipeline-maven-parent-2.5.2

pipeline-maven-pom-2.*

pipeline-maven-pom-2.0-beta-1

pipeline-maven-pom-2.0-beta-2