Lucene search

[email protected]NVD:CVE-2020-2139

HistoryMar 09, 2020 - 4:15 p.m.

CVE-2020-2139

2020-03-0916:15:13

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.8%

JSON

An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system.

Affected configurations

Nvd

Node

jenkinscoberturaRange≤1.15jenkins

VendorProductVersionCPE
jenkinscobertura*cpe:2.3:a:jenkins:cobertura:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	cobertura	*	cpe:2.3:a:jenkins:cobertura::::::jenkins::*

References

www.openwall.com/lists/oss-security/2020/03/09/1

jenkins.io/security/advisory/2020-03-09/#SECURITY-1668

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

26.8%

JSON

Related for NVD:CVE-2020-2139

osv2 cve1 cvelist1 github1 prion1 redhatcve1