CVE-2020-2268

Published: Sep 16, 2020Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain access to some metadata of any arbitrary files on the Jenkins controller.

Affected (1)

Products: Jenkins: Mongodb

Jenkins

1 product

Mongodb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Mongodb	Up to 1.3

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://www.openwall.com/lists/oss-security/2020/09/16/3

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2020/09/16/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1904

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.