CVE-2020-2196

CVSS v3.1 8 (High)

CVSS v2.0 6 (Medium)

EPSS 0.15 % (52^th)

Affected Products 1

Advisories 2

Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-06-03 13:15:11
(4 years ago)
Updated Date: 2023-10-25 18:16:35
(10 months ago)

Affected Products

Jenkins

Selenium

Configuration #1

		CPE23	From	Up To
	Jenkins Selenium for Jenkins 3.141.59 and prior versions	cpe:2.3:a:jenkins:selenium::::::jenkins		<= 3.141.59