Medium severity4.3NVD Advisory· Published May 6, 2020· Updated Jun 17, 2026
CVE-2020-2188
CVE-2020-2188
Description
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2Maven | < 1.50.2 | 1.50.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2020/05/06/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-rmp9-mc8w-mqf3ghsaADVISORY
- jenkins.io/security/advisory/2020-05-06/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-2188ghsaADVISORY
News mentions
1- Jenkins Security Advisory 2020-05-06Jenkins Security Advisories · May 6, 2020