{"id":"CVE-2020-2228","details":"Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.","aliases":["GHSA-qq38-mxpq-rrpj"],"modified":"2026-05-18T16:31:32.117583Z","published":"2020-07-15T18:15:37.597Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/07/15/5"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-07-15/#SECURITY-1792"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/gitlab-oauth-plugin","events":[{"introduced":"0"},{"last_affected":"5d46d0209ac4da53fba90de70005e45d2fb36b64"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.5"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:jenkins:gitlab_authentication:*:*:*:*:*:jenkins:*:*"}}],"versions":["gitlab-oauth-1.5","gitlab-oauth-1.0.3","gitlab-oauth-1.0.2","gitlab-oauth-1.0.1","gitlab-oauth-1.0.0","github-oauth-0.22.3","github-oauth-0.22.2","github-oauth-0.22.1","github-oauth-0.22","github-oauth-0.21.2","github-oauth-0.21.1","github-oauth-0.21","github-oauth-0.20","github-oauth-0.19","github-oauth-0.18","github-oauth-0.17","github-oauth-0.16","github-oauth-0.15","github-oauth-0.14","github-oauth-0.13.1","github-oauth-0.13","github-oauth-0.12"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2228.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}