CVE-2020-2254 – Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, w …

Vuln ID: CVE-2020-2254

Published:  2020-09-16  14:15:13Z

Description: Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system.

Source: NVD.NIST.GOV