CVE-2020-2320

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-2320
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2320.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-2320
Aliases
Published
2020-12-03T16:15:12Z
Modified
2024-10-12T06:21:10.875153Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

References

Affected packages

Git / github.com/jenkinsci/plugin-installation-manager-tool

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/plugin-installation-manager-tool
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

0.*

0.1-alpha-10
0.1-alpha-4
0.1-alpha-5
0.1-alpha-9

2.*

2.1.0
2.1.1
2.1.2
2.1.3

Other

e7a0066
untagged-0930203b2fde6afcfe4e

jenkins-plugin-management-parent-pom-0.*

jenkins-plugin-management-parent-pom-0.1-alpha-3
jenkins-plugin-management-parent-pom-0.1-alpha-4
jenkins-plugin-management-parent-pom-0.1-alpha-5
jenkins-plugin-management-parent-pom-0.1-alpha-6
jenkins-plugin-management-parent-pom-0.1-alpha-7

parent-pom-.*

parent-pom-.01-alpha-2

parent-pom-0.*

parent-pom-0.1-alpha-1

plugin-management-parent-pom-0.*

plugin-management-parent-pom-0.1-alpha-10
plugin-management-parent-pom-0.1-alpha-11
plugin-management-parent-pom-0.1-alpha-12
plugin-management-parent-pom-0.1-alpha-14
plugin-management-parent-pom-0.1-alpha-15
plugin-management-parent-pom-0.1-alpha-9

plugin-management-parent-pom-1.*

plugin-management-parent-pom-1.0.1
plugin-management-parent-pom-1.0.2
plugin-management-parent-pom-1.1.0
plugin-management-parent-pom-1.1.2
plugin-management-parent-pom-1.2.0

plugin-management-parent-pom-2.*

plugin-management-parent-pom-2.0.0
plugin-management-parent-pom-2.0.0-beta-1
plugin-management-parent-pom-2.0.1