Moderate severityNVD Advisory· Published May 6, 2020· Updated Aug 4, 2024
CVE-2020-2188
CVE-2020-2188
Description
A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2Maven | < 1.50.2 | 1.50.2 |
Affected products
1- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-rmp9-mc8w-mqf3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2188ghsaADVISORY
- www.openwall.com/lists/oss-security/2020/05/06/3ghsamailing-listx_refsource_MLISTWEB
- jenkins.io/security/advisory/2020-05-06/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.