CVE-2020-2241CSRF Vulnerability In Jenkins Database Plugin 1.6

Oct 26, 2020 1:29:50 AM

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.

Vulnerability Summary

A Cross-Site Request Forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. Additionally, this form validation method does not require POST requests, resulting in a Cross-Site Request Forgery (CSRF) vulnerability.

Watch the video to learn more about this and other important vulnerabilities.

CVSS Score

The CVSS Base score of this vulnerability is 8.8 (High)

Affected Version

Jenkins database Plugin 1.6 and prior.

Vulnerability Attribution

Anonymous

Risk Impact

Jenkins is an open source automation server that helps to automate building, testing, and deploying software in the CI/CD pipeline. It is integrated with project management software (JIRA), incident filing tools (Bugzilla), static analysis tools (Veracode), Legal Compliance tools (Black Duck), build tools (Ant, Maven) and version control tools (Subversion, Git). Millions of instances of Jenkins server are in use worldwide. No public exploit code for this vulnerability is available. A patch for this vulnerability exists.

Virsec Security Platform (VSP) Support

VSP-Web capability can detect such a CSRF attack and prevent this attack from being exploited.

Reference Links

Download the full vulnerability report to learn more about this and other important vulnerabilities.

Research Lab, CSRF, Jenkins

CVE-2020-2241CSRF Vulnerability In Jenkins Database Plugin 1.6

Virsec Security Research Lab Vulnerability Analysis

Vulnerability Summary

CVSS Score

Affected Version

Vulnerability Attribution

Risk Impact

Virsec Security Platform (VSP) Support

Reference Links

Related Articles

CVE-2020-2280 CSRF In Jenkins Warnings Plugin

Virsec Security Research Lab Vulnerability Analysis

CVE-2020-27660 SQL injection vulnerability in request.cgi

Virsec Security Research Lab Vulnerability Analysis

CVE-2020-2320 Jenkins Plugin Installation Manager Tool RCE

Virsec Security Research Lab Vulnerability Analysis

Company

Resources

News & Updates

CVE-2021-1280 : Cisco Advanced Malware Protection (AMP) - DLL Hijack

Oracle WebLogic Server product of Oracle Fusion Middleware: RCE

Contact Us