Main Vulnerability Database SB2020120713

SB2020120713 - Input validation error in Jenkins Plugin Installation Manager Tool

Published: December 7, 2020

Security Bulletin ID SB2020120713

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2020-2320)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected plugin does not verify plugin downloads. A remote attacker can provide crafted plugin downloads.

Install update from vendor's website.