CVE List

CVE-2020-2234

Moderate 6.5

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Published August 12, 2020.

Affected software

Jenkins Pipeline Maven Integration

Get alerts for Jenkins Pipeline Maven Integration

Reference links