Skip to main content

MongoDB CVE-2020-2267

MEDIUM
Missing Authorization (CWE-862)
2020-09-16 jenkinsci-cert@googlegroups.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 16, 2020 - 14:15 nvd
MEDIUM 4.3

DescriptionNVD

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller.

AnalysisAI

A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier allows attackers with Overall/Read permission to gain access to some metadata of any arbitrary files on the Jenkins controller. Affected products include: Jenkins Mongodb.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2013-1892 MEDIUM POC
6.0 Oct 01

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo

CVE-2013-3969 MEDIUM POC
6.5 Oct 01

The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a

CVE-2026-25887 HIGH POC
7.2 Mar 06

Remote code execution in Chartbrew versions prior to 4.8.1 allows authenticated attackers with high privileges to execut

CVE-2019-2386 HIGH POC
7.1 Aug 06

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's

CVE-2012-6619 MEDIUM POC
6.4 Mar 06

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to

CVE-2026-3431 CRITICAL
9.8 Mar 02

SimStudio below 0.5.74 has a missing authorization on MongoDB tool endpoints that allows attackers to execute arbitrary

CVE-2024-8654 CRITICAL
9.8 Sep 10

MongoDB Server may access non-initialized region of memory leading to unexpected behaviour when zero arguments are calle

CVE-2024-1351 CRITICAL
9.8 Mar 07

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which ma

CVE-2021-20333 MEDIUM POC
5.3 Jul 23

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log e

CVE-2017-15535 CRITICAL
9.1 Nov 01

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompr

CVE-2020-2268 HIGH
8.8 Sep 16

A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB Plugin 1.3 and earlier allows attackers to gain acc

CVE-2013-2132 MEDIUM POC
4.3 Aug 15

bson/_cbsonmodule.c in the mongo-python-driver (aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely ex

Share

CVE-2020-2267 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy