CVE-2020-2281

2020-09-2314:15:13

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.9%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.

CPENameOperatorVersion
lockable-resources-plugineqlockable-resources-2.1
lockable-resources-plugineqlockable-resources-1.11.2
lockable-resources-plugineqlockable-resources-1.4
lockable-resources-plugineqlockable-resources-1.8
lockable-resources-plugineqlockable-resources-1.3
lockable-resources-plugineqlockable-resources-1.0
lockable-resources-plugineqlockable-resources-1.7
lockable-resources-plugineqlockable-resources-2.0
lockable-resources-plugineqlockable-resources-2.7
lockable-resources-plugineqlockable-resources-1.11.1

Name	Operator	Version
lockable-resources-plugin	eq	lockable-resources-2.1
lockable-resources-plugin	eq	lockable-resources-1.11.2
lockable-resources-plugin	eq	lockable-resources-1.4
lockable-resources-plugin	eq	lockable-resources-1.8
lockable-resources-plugin	eq	lockable-resources-1.3
lockable-resources-plugin	eq	lockable-resources-1.0
lockable-resources-plugin	eq	lockable-resources-1.7
lockable-resources-plugin	eq	lockable-resources-2.0
lockable-resources-plugin	eq	lockable-resources-2.7
lockable-resources-plugin	eq	lockable-resources-1.11.1