CVE-2020-2241CSRF Vulnerability In Jenkins Database Plugin 1.6

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A Cross-Site Request Forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. Additionally, this form validation method does not require POST requests, resulting in a Cross-Site Request Forgery (CSRF) vulnerability.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base score of this vulnerability is 8.8 (High)

Affected Version

Jenkins database Plugin 1.6 and prior.

Vulnerability Attribution

Anonymous

Risk Impact

Jenkins is an open source automation server that helps to automate building, testing, and deploying software in the CI/CD pipeline. It is integrated with project management software (JIRA), incident filing tools (Bugzilla), static analysis tools (Veracode), Legal Compliance tools (Black Duck), build tools (Ant, Maven) and version control tools (Subversion, Git). Millions of instances of Jenkins server are in use worldwide. No public exploit code for this vulnerability is available. A patch for this vulnerability exists.

Virsec Security Platform (VSP) Support

VSP-Web capability can detect such a CSRF attack and prevent this attack from being exploited.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Research Lab, CSRF, Jenkins

CVE-2020-2241CSRF Vulnerability In Jenkins Database Plugin 1.6

Virsec Security Research Lab Vulnerability Analysis

Vulnerability Summary

CVSS Score

Affected Version

Vulnerability Attribution

Risk Impact

Virsec Security Platform (VSP) Support

Reference Links

Related Articles

CVE-2020-10714 WildFly-Elytron: Session Fixation

Virsec Security Research Lab Vulnerability Analysis

CVE-2020-2280 CSRF In Jenkins Warnings Plugin

Virsec Security Research Lab Vulnerability Analysis

CVE-2020-22275 ER Forms WordPress Plugin CMDI

Virsec Security Research Lab Vulnerability Analysis

Company

Resources

News & Updates

CVE-2020-4888 IBM QRadar SIEM Java Deserialization RCE Confused Deputy

CVE-2021-3115 Go Language- CMDi and RCE

Contact Us