{"id":"CVE-2020-2234","details":"A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.","aliases":["GHSA-mrr8-fcg7-p2wg"],"modified":"2026-04-11T20:41:35.398678Z","published":"2020-08-12T14:15:13.533Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/08/12/4"},{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/pipeline-maven-plugin","events":[{"introduced":"0"},{"last_affected":"f7aafabac1b2a56847b13b729c8dc9624e5fb6a1"}],"database_specific":{"cpe":"cpe:2.3:a:jenkins:pipeline_maven_integration:*:*:*:*:*:jenkins:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"3.8.2"}],"source":"CPE_FIELD"}}],"versions":["pipeline-maven-0.1-beta","pipeline-maven-0.2","pipeline-maven-0.3","pipeline-maven-0.4","pipeline-maven-0.5","pipeline-maven-2.3.0-beta-1","pipeline-maven-2.3.1-beta-1","pipeline-maven-2.4.0-beta-1","pipeline-maven-2.4.0-beta-2","pipeline-maven-2.5.0-alpha-1","pipeline-maven-3.0.0","pipeline-maven-3.0.0-beta-1","pipeline-maven-3.0.0-beta-2","pipeline-maven-3.0.0-beta-3","pipeline-maven-3.0.0-beta-4","pipeline-maven-3.0.0-beta-5","pipeline-maven-3.0.0-beta-6","pipeline-maven-3.0.1","pipeline-maven-3.0.1-beta-1","pipeline-maven-3.0.1-beta-2","pipeline-maven-3.0.2","pipeline-maven-3.0.3","pipeline-maven-3.0.3-beta-1","pipeline-maven-3.0.3-beta-2","pipeline-maven-3.0.4","pipeline-maven-3.0.5","pipeline-maven-3.0.6","pipeline-maven-3.0.6-beta-1","pipeline-maven-3.0.7","pipeline-maven-3.1.0","pipeline-maven-3.1.0-beta-1","pipeline-maven-3.2.0","pipeline-maven-3.2.0-alpha-1","pipeline-maven-3.2.0-alpha-2","pipeline-maven-3.2.1","pipeline-maven-3.2.1-beta-1","pipeline-maven-3.3.0","pipeline-maven-3.3.1","pipeline-maven-3.3.1-beta-1","pipeline-maven-3.3.1-beta-2","pipeline-maven-3.3.2","pipeline-maven-3.4.0","pipeline-maven-3.4.0-beta-1","pipeline-maven-3.4.1","pipeline-maven-3.4.2","pipeline-maven-3.4.3","pipeline-maven-3.5.0","pipeline-maven-3.5.0-beta-1","pipeline-maven-3.5.1","pipeline-maven-3.5.1-beta-1","pipeline-maven-3.5.10","pipeline-maven-3.5.11","pipeline-maven-3.5.12","pipeline-maven-3.5.12-beta-1","pipeline-maven-3.5.12-beta-2","pipeline-maven-3.5.12-beta-3","pipeline-maven-3.5.12-beta-4","pipeline-maven-3.5.13","pipeline-maven-3.5.14","pipeline-maven-3.5.15","pipeline-maven-3.5.15-beta-1","pipeline-maven-3.5.15-beta-2","pipeline-maven-3.5.15-beta-4","pipeline-maven-3.5.2","pipeline-maven-3.5.3","pipeline-maven-3.5.4","pipeline-maven-3.5.4-beta-1","pipeline-maven-3.5.5","pipeline-maven-3.5.6","pipeline-maven-3.5.7","pipeline-maven-3.5.7-beta-1","pipeline-maven-3.5.8","pipeline-maven-3.5.8-beta-1","pipeline-maven-3.5.9","pipeline-maven-3.6.0","pipeline-maven-3.6.0-beta-1","pipeline-maven-3.6.0-beta-2","pipeline-maven-3.6.1","pipeline-maven-3.6.10","pipeline-maven-3.6.11","pipeline-maven-3.6.12","pipeline-maven-3.6.13","pipeline-maven-3.6.14","pipeline-maven-3.6.15-beta-1","pipeline-maven-3.6.2","pipeline-maven-3.6.3","pipeline-maven-3.6.4","pipeline-maven-3.6.4-beta-1","pipeline-maven-3.6.5","pipeline-maven-3.6.5-beta-1","pipeline-maven-3.6.6","pipeline-maven-3.6.6-beta-1","pipeline-maven-3.6.6-beta-2","pipeline-maven-3.6.6-beta-3","pipeline-maven-3.6.6-beta-4","pipeline-maven-3.6.7","pipeline-maven-3.6.8","pipeline-maven-3.6.8-beta-1","pipeline-maven-3.6.8-beta-2","pipeline-maven-3.6.9","pipeline-maven-3.7.0","pipeline-maven-3.7.0-beta-1","pipeline-maven-3.7.1","pipeline-maven-3.8.0","pipeline-maven-3.8.1","pipeline-maven-3.8.2","pipeline-maven-parent-2.0","pipeline-maven-parent-2.0-beta-3","pipeline-maven-parent-2.0-beta-4","pipeline-maven-parent-2.0-beta-5","pipeline-maven-parent-2.0-beta-6","pipeline-maven-parent-2.0-beta-7","pipeline-maven-parent-2.0.1","pipeline-maven-parent-2.0.2","pipeline-maven-parent-2.0.3","pipeline-maven-parent-2.1.0","pipeline-maven-parent-2.1.0-beta-1","pipeline-maven-parent-2.1.1-beta-1","pipeline-maven-parent-2.2.0","pipeline-maven-parent-2.2.1","pipeline-maven-parent-2.3.0","pipeline-maven-parent-2.3.1","pipeline-maven-parent-2.4.0","pipeline-maven-parent-2.5.0","pipeline-maven-parent-2.5.1","pipeline-maven-parent-2.5.2","pipeline-maven-pom-2.0-beta-1","pipeline-maven-pom-2.0-beta-2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2234.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}