Vulnerability Report

CVE-2020-2241: CSRF Vulnerability In Jenkins Database Plugin 1.6

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A Cross-Site Request Forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. The affected form validation method does not require POST requests, so it can be triggered by a CSRF attack.
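As an added illustration (not the database plugin's own source; class and method names are hypothetical), the pattern the summary describes, a Stapler form-validation method reachable by a plain GET, shown beside the hardened form that requires POST so that Jenkins' CSRF crumb check applies. The permission check is standard Jenkins hardening assumed here, not something the page states.

```java
// Added example, not code from the Jenkins database plugin.
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DatabaseConnectionValidation {

    // WEAK PATTERN (illustrative): Stapler binds this "do" method to a URL and
    // accepts GET, so a page on another origin can make a logged-in user's
    // browser trigger a connection attempt to a server and credentials chosen
    // by whoever crafted the request. No crumb is checked on GET.
    public FormValidation doValidateConnectionUnsafe(@QueryParameter String url,
                                                     @QueryParameter String user,
                                                     @QueryParameter String password) {
        return tryConnect(url, user, password);
    }

    // HARDENED: @RequirePOST makes Stapler reject non-POST requests, so the
    // request must carry Jenkins' CSRF crumb. The permission check (assumed
    // hardening, not from the advisory) limits who may trigger outbound
    // database connections from the Jenkins controller at all.
    @RequirePOST
    public FormValidation doValidateConnection(@QueryParameter String url,
                                               @QueryParameter String user,
                                               @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return tryConnect(url, user, password);
    }

    // The actual JDBC connection attempt; identical in both variants, the
    // difference is only in who can reach it and how.
    private FormValidation tryConnect(String url, String user, String password) {
        try (Connection c = DriverManager.getConnection(url, user, password)) {
            return FormValidation.ok("Connected to " + c.getMetaData().getDatabaseProductName());
        } catch (SQLException e) {
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```

A detection-side check that follows from the same pattern: log entries showing form-validation endpoints of this plugin served to GET requests are a signal that an unpatched version is still deployed.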


CVSS Score

The CVSS Base score of this vulnerability is 8.8 (High).

Affected Version

Jenkins database Plugin 1.6 and prior.

Vulnerability Attribution

Anonymous

Risk Impact

Jenkins is an open source automation server that helps to automate building, testing, and deploying software in the CI/CD pipeline. It is integrated with project management software (JIRA), incident filing tools (Bugzilla), static analysis tools (Veracode), legal compliance tools (Black Duck), build tools (Ant, Maven) and version control tools (Subversion, Git). Millions of instances of Jenkins server are in use worldwide. No public exploit code for this vulnerability is available. A patch for this vulnerability exists.

Virsec Security Platform (VSP) Support

The VSP-Web capability can detect such a CSRF attack and prevent this vulnerability from being exploited.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.