7.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2020-2234

GHSA ID

GHSA-mrr8-fcg7-p2wg

EPSS Score

0.14756%

CWE

CWE-285

Published

5/24/2022

Updated

10/26/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2234

CVE-2020-2234: Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials

Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in a method implementing form validation.

This allows users with Overall/Read access to Jenkins to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.

Additionally, this form validation method does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Pipeline Maven Integration Plugin 3.8.3 requires POST requests and Job/Configure permission for the affected form validation method.

(GitHub Advisory)

7.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2020-2234

GHSA ID

GHSA-mrr8-fcg7-p2wg

EPSS Score

0.14756%

CWE

CWE-285

Published

5/24/2022

Updated

10/26/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:pipeline-maven	maven	< 3.8.3	3.8.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on a form validation method for JDBC URL/credentials testing that failed to: 1) Check Job/Configure permissions (CWE-285/862), and 2) Enforce POST requests (CSRF). The descriptor pattern in Jenkins plugins typically uses 'doValidate[Parameter]' methods for form validation. The advisory explicitly states the fixed version added POST enforcement and permission checks to 'the affected form validation method', strongly indicating a method in the plugin's configuration descriptor class (GlobalPipelineMavenConfig$DescriptorImpl) handling JDBC validation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Pip*lin* M*v*n Int**r*tion Plu*in *.*.* *n* **rli*r *o*s not p*r*orm * p*rmission ****k in * m*t*o* impl*m*ntin* *orm v*li**tion. T*is *llows us*rs wit* Ov*r*ll/R*** ****ss to J*nkins to *onn**t to *n *tt**k*r-sp**i*i** J*** URL usin* *tt**k*r-sp**i

Reasoning

T** vuln*r**ility **nt*rs on * *orm v*li**tion m*t*o* *or J*** URL/*r***nti*ls t*stin* t**t **il** to: *) ****k Jo*/*on*i*ur* p*rmissions (*W*-***/***), *n* *) *n*or** POST r*qu*sts (*SR*). T** **s*riptor p*tt*rn in J*nkins plu*ins typi**lly us*s '*o

7.1

Basic Information

Concerned about an active attack path?

CVE-2020-2234: Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI