A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2020-08-12T13:25:23
Updated: 2024-08-04T07:01:41.133Z
Reserved: 2019-12-05T00:00:00
Link: CVE-2020-2234
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-08-12T14:15:13.533
Modified: 2023-10-25T18:16:38.097
Link: CVE-2020-2234
Redhat
No data.