GHSA-r78q-qgx6-64pp

Published: May 24, 2022
Source: github
Github: Reviewed
CVSS3: 4.3

Description

Memory usage graphs accessible to anyone with Overall/Read

Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller.

Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not administrators to view JVM memory usage data.

Jenkins 2.219, LTS 2.204.2 now require Overall/Administer permissions to view the JVM memory usage chart.

Packages

Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: <= 2.204.1
Fixed version: 2.204.2

Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: >= 2.205, <= 2.218
Fixed version: 2.219

EPSS

Percentile: 64%
Score: 0.00473
Rating: Low

CVSS3: 4.3 Medium

Weaknesses

CWE-285
CWE-863

Related vulnerabilities

CVSS3: 4.3
redhat
about 6 years ago

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.

CVSS3: 4.3
nvd
about 6 years ago

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.

CVSS3: 4.3
debian
about 6 years ago

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...
