CVE-2020-2228

2020-07-1518:15:37

Google

osv.dev

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.

CPENameOperatorVersion
gitlab-oauth-plugineq1.0.6
gitlab-oauth-plugineq1.0.7
gitlab-oauth-plugineqgithub-oauth-0.22.3
gitlab-oauth-plugineqgitlab-oauth-1.0.0
gitlab-oauth-plugineqgithub-oauth-0.13
gitlab-oauth-plugineq1.0.5
gitlab-oauth-plugineqgithub-oauth-0.19
gitlab-oauth-plugineqgitlab-oauth-1.0.1
gitlab-oauth-plugineq1.2
gitlab-oauth-plugineqgitlab-oauth-1.0.2

Name	Operator	Version
gitlab-oauth-plugin	eq	1.0.6
gitlab-oauth-plugin	eq	1.0.7
gitlab-oauth-plugin	eq	github-oauth-0.22.3
gitlab-oauth-plugin	eq	gitlab-oauth-1.0.0
gitlab-oauth-plugin	eq	github-oauth-0.13
gitlab-oauth-plugin	eq	1.0.5
gitlab-oauth-plugin	eq	github-oauth-0.19
gitlab-oauth-plugin	eq	gitlab-oauth-1.0.1
gitlab-oauth-plugin	eq	1.2
gitlab-oauth-plugin	eq	gitlab-oauth-1.0.2