
CVE-2020-2241 CSRF Vulnerability In Jenkins Database Plugin 1.6
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides detailed analysis on recent and notable security vulnerabilities.
Vulnerability Summary
Jenkins database Plugin 1.6 and earlier exposes a form validation method that lets attackers connect to an attacker-specified database server using attacker-specified credentials. Because this form validation method does not require POST requests, it can be triggered by a forged cross-site request, resulting in a Cross-Site Request Forgery (CSRF) vulnerability.
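To illustrate the class of bug described above, the following is an added example and not the database plugin's own code: a Jenkins (Stapler) form validation method in the vulnerable shape, reachable by any HTTP method, beside the hardened form that requires POST and an administrative permission check. The class, method and parameter names are hypothetical.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

// Hypothetical descriptor class; the real plugin's code is not reproduced here.
public class DatabaseDescriptorExample {

    // VULNERABLE SHAPE: Stapler dispatches this for GET as well as POST, and the
    // Jenkins crumb (CSRF token) check only covers POST. A cross-site page can
    // therefore make a logged-in user's browser issue the request, and the server
    // opens a connection to whatever host and credentials the request carries.
    public FormValidation doValidateConnectionUnsafe(@QueryParameter String url,
                                                     @QueryParameter String user,
                                                     @QueryParameter String password) {
        return tryConnect(url, user, password);
    }

    // HARDENED SHAPE: @RequirePOST makes Stapler reject non-POST requests, so the
    // crumb check applies and a cross-site page cannot trigger the method.
    // checkPermission additionally restricts the connection test to administrators.
    @RequirePOST
    public FormValidation doValidateConnection(@QueryParameter String url,
                                               @QueryParameter String user,
                                               @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        return tryConnect(url, user, password);
    }

    // Shared connection test: opens a JDBC connection and reports the outcome
    // back to the configuration form.
    private static FormValidation tryConnect(String url, String user, String password) {
        try (Connection c = DriverManager.getConnection(url, user, password)) {
            return c.isValid(5) ? FormValidation.ok("Connection succeeded")
                                : FormValidation.error("Connection is not valid");
        } catch (SQLException e) {
            return FormValidation.error(e, "Connection failed");
        }
    }
}
```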
CVSS Score
The CVSS Base score of this vulnerability is 8.8 (High).
Affected Version
Jenkins database Plugin 1.6 and prior.
Vulnerability Attribution
Anonymous
Risk Impact
Jenkins is an open-source automation server that helps automate building, testing, and deploying software in the CI/CD pipeline. It integrates with project management software (JIRA), incident filing tools (Bugzilla), static analysis tools (Veracode), legal compliance tools (Black Duck), build tools (Ant, Maven) and version control tools (Subversion, Git). Millions of Jenkins server instances are in use worldwide. No public exploit code for this vulnerability is available. A patch for this vulnerability exists.
Virsec Security Platform (VSP) Support
The VSP-Web capability can detect such a CSRF attack and prevent it from succeeding.