{"id":"CVE-2020-2282","details":"Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.","aliases":["GHSA-5hw2-327v-vvr6"],"modified":"2026-04-11T20:41:59.591396Z","published":"2020-09-23T14:15:13.273Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/23/1"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-2004"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/implied-labels-plugin","events":[{"introduced":"0"},{"last_affected":"065317f33af0ff4f1611ba7d2a3f3424fbcd4a27"}],"database_specific":{"cpe":"cpe:2.3:a:jenkins:implied_labels:*:*:*:*:*:jenkins:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"0.6"}]}}],"versions":["implied-labels-0.1","implied-labels-0.2","implied-labels-0.3","implied-labels-0.4","implied-labels-0.5","implied-labels-0.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-2282.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}