Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NTNxLXI1Y3ctNnZqaM4AAk1C
Missing permission check in Jenkins Project Inheritance Plugin
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Permalink: https://github.com/advisories/GHSA-w53q-r5cw-6vjh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NTNxLXI1Y3ctNnZqaM4AAk1C
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.00065
EPSS Percentile: 0.29549
Identifiers: GHSA-w53q-r5cw-6vjh, CVE-2020-2198
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2198
- https://jenkins.io/security/advisory/2020-06-03/#SECURITY-1582
- http://www.openwall.com/lists/oss-security/2020/06/03/3
- https://github.com/advisories/GHSA-w53q-r5cw-6vjh
Affected Packages
maven:hudson.plugins:project-inheritance
Affected Version Ranges: <= 21.04.03
No known fixed version