CVE-2020-2094

MEDIUM

Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending

Title source: llm
STIX 2.1

Description

A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient.

References (1)

Core 1
Core References

Scores

CVSS v3 4.3
EPSS 0.0006
EPSS Percentile 19.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-862
Status published
Products (2)
jenkins/health_advisor_by_cloudbees < 3.0
org.jenkins-ci.plugins/cloudbees-jenkins-advisor 0 - 3.0.1Maven
Published Jan 15, 2020
Tracked Since Feb 18, 2026