CVE-2020-2254: Path Traversal
First published: Wed Sep 16 2020(Updated: )
Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, `blueocean.features.GIT_READ_SAVE_TYPE`, that when set to the value `clone` allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system. Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/io.jenkins.blueocean:blueocean | <=1.23.2 | 1.23.3 |
| Jenkins Blue Ocean | <=1.23.2 | |
| redhat/jenkins | <2-plugins-0:3.11.1603460090-1.el7 | 2-plugins-0:3.11.1603460090-1.el7 |
| redhat/jenkins | <2-plugins-0:4.6.1601368321-1.el8 | 2-plugins-0:4.6.1601368321-1.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2020-2254
- https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956
- http://www.openwall.com/lists/oss-security/2020/09/16/3
- https://github.com/jenkinsci/blueocean-plugin/commit/f0dd4b68d62ac3c3c85012d6eb0c92bcebf85e12
- https://github.com/advisories/GHSA-vq7j-6pcq-f48p (Advisory)
- https://access.redhat.com/errata/RHSA-2020:4297
- https://access.redhat.com/security/cve/cve-2020-2254
- https://access.redhat.com/errata/RHSA-2020:5102
- https://bugzilla.redhat.com/show_bug.cgi?id=1880456
- https://www.cve.org/CVERecord?id=CVE-2020-2254 https://nvd.nist.gov/vuln/detail/CVE-2020-2254 http://www.openwall.com/lists/oss-security/2020/09/16/3 https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1956
Frequently Asked Questions
What is CVE-2020-2254?
CVE-2020-2254 refers to a vulnerability in Jenkins Blue Ocean Plugin version 1.23.2 and earlier that allows an attacker with certain permissions to read arbitrary files on the Jenkins controller file system.
How severe is CVE-2020-2254?
CVE-2020-2254 has a severity rating of 6.5 (medium).
Which software versions are affected by CVE-2020-2254?
Jenkins Blue Ocean Plugin versions 1.23.2 and earlier are affected by CVE-2020-2254.
How can an attacker exploit CVE-2020-2254?
An attacker with Job/Configure or Job/Create permissions can enable an undocumented feature flag to read arbitrary files on the Jenkins controller file system.
Are there any remedies or fixes available for CVE-2020-2254?
Yes, upgrading to Jenkins Blue Ocean Plugin version 1.23.3 or higher can address the vulnerability.
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-api
- collector/github-advisory-latest
- alias/GHSA-vq7j-6pcq-f48p
- alias/CVE-2020-2254
- collector/nvd-cve
- collector/github-advisory
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins blue ocean
- version/jenkins blue ocean/1.23.2
- package-manager/maven