CVE-2020-2254

  • Published Date: Wed 16 Sep 2020
  • Last Modified Date: Fri 18 Sep 2020

Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

References (Advisories, Solutions, and Tools):



Note: This page is generated by our securitybot and has not been checked for errors. Feed Source: NVD