Medium severity4.3NVD Advisory· Published May 6, 2020· Updated Jun 17, 2026
CVE-2020-2186
CVE-2020-2186
Description
A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2Maven | < 1.50.2 | 1.50.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2020/05/06/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-w6hw-57jq-h7f5ghsaADVISORY
- jenkins.io/security/advisory/2020-05-06/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-2186ghsaADVISORY
- github.com/jenkinsci/ec2-plugin/commit/4c9f03ae202e4730fd54eda40771fa4d3873e358ghsaWEB
News mentions
1- Jenkins Security Advisory 2020-05-06Jenkins Security Advisories · May 6, 2020