CVE-2020-2302
First published: Wed Nov 04 2020(Updated: )
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Active Directory | <=2.19 | |
| maven/org.jenkins-ci.plugins:active-directory | <2.20 | 2.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-2302?
CVE-2020-2302 is a vulnerability in Jenkins Active Directory Plugin 2.19 and earlier that allows attackers with Overall/Read permission to access the domain health check diagnostic page.
How severe is CVE-2020-2302?
CVE-2020-2302 has a severity rating of 4.3, which is considered medium.
How can I fix CVE-2020-2302?
To fix CVE-2020-2302, update to Jenkins Active Directory Plugin 2.20 or later, which requires Overall/Administer permission to access the affected endpoint.
Where can I find more information about CVE-2020-2302?
You can find more information about CVE-2020-2302 in the Jenkins security advisory, NVD database, and GitHub advisory pages.
What is the CWE ID for CVE-2020-2302?
The CWE ID for CVE-2020-2302 is 862.
- collector/nvd-index
- collector/nvd-api
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-q6rq-4whr-r879
- alias/CVE-2020-2302
- collector/github-advisory
- agent/author
- agent/description
- agent/weakness
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins active directory
- version/jenkins active directory/2.19
- package-manager/maven