CVE-2020-2268

HIGH

Jenkins MongoDB Plugin < 1.3 - Cross-Site Request Forgery

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/09/16/3

Scores

CVSS v3 8.8
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
jenkins/mongodb < 1.3
org.jenkins-ci.plugins/mongodb 0 Maven
Published Sep 16, 2020
Tracked Since Feb 18, 2026