Lucene search

K
cve[email protected]CVE-2020-2200
HistoryJun 03, 2020 - 1:15 p.m.

CVE-2020-2200

2020-06-0313:15:11
CWE-78
web.nvd.nist.gov
49
cve-2020-2200
jenkins
play framework plugin
os command injection
vulnerability
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

93.0%

Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the play command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.

Affected configurations

NVD
Node
jenkinsplay_frameworkRange1.0.2jenkins

CNA Affected

[
  {
    "product": "Jenkins Play Framework Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.0.2",
        "versionType": "custom"
      }
    ]
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.051 Low

EPSS

Percentile

93.0%

Related for CVE-2020-2200