Vulnerability Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barchart | Maven Cascade Release | <= 1.3.2 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/10/08/5Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049Vendor Advisory
- http://www.openwall.com/lists/oss-security/2020/10/08/5Mailing ListThird Party Advisory
- https://www.jenkins.io/security/advisory/2020-10-08/#SECURITY-2049Vendor Advisory
FAQ
What is CVE-2020-2295?
CVE-2020-2295 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.
How severe is CVE-2020-2295?
CVE-2020-2295 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-2295?
Check the references section above for vendor advisories and patch information. Affected products include: Barchart Maven Cascade Release.