VulnerableCode Package Details - pkg:maven/io.jenkins.blueocean/blueocean@1.23.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-jj88-rbff-4ygb Aliases: CVE-2020-2255 GHSA-vc7g-4269-f7hw	Missing permission check in Blue Ocean Plugin ### Updated 2020-09-16 This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it. ### Original Description Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.	1.23.3 Affected by 0 other vulnerabilities.
VCID-sa11-2uur-8ybd Aliases: CVE-2020-2254 GHSA-vq7j-6pcq-f48p	Path traversal vulnerability in Blue Ocean Plugin Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, `blueocean.features.GIT_READ_SAVE_TYPE`, that when set to the value `clone` allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system. Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.	1.23.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jj88-rbff-4ygb
Aliases:
CVE-2020-2255
GHSA-vc7g-4269-f7hw

Missing permission check in Blue Ocean Plugin ### Updated 2020-09-16 This entry previously misidentified the problematic behavior. The HTTP request itself is legitimate, but only authorized users should be able to perform it. ### Original Description Blue Ocean Plugin 1.23.2 and earlier does not perform permission checks in several HTTP endpoints implementing connection tests. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Blue Ocean Plugin 1.23.3 requires Item/Create permission to perform these connection tests.

1.23.3
Affected by 0 other vulnerabilities.

VCID-sa11-2uur-8ybd
Aliases:
CVE-2020-2254
GHSA-vq7j-6pcq-f48p

Path traversal vulnerability in Blue Ocean Plugin Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag, `blueocean.features.GIT_READ_SAVE_TYPE`, that when set to the value `clone` allows an attacker with Item/Configure or Item/Create permission to read arbitrary files on the Jenkins controller file system. Blue Ocean Plugin 1.23.3 no longer includes this feature and redirects existing usage to a safer alternative.

1.23.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:37:20.542227+00:00	GitLab Importer	Affected by	VCID-jj88-rbff-4ygb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.jenkins.blueocean/blueocean/CVE-2020-2255.yml	38.0.0
2026-04-01T16:01:46.539550+00:00	GHSA Importer	Affected by	VCID-jj88-rbff-4ygb	https://github.com/advisories/GHSA-vc7g-4269-f7hw	38.0.0
2026-04-01T16:01:46.448877+00:00	GHSA Importer	Affected by	VCID-sa11-2uur-8ybd	https://github.com/advisories/GHSA-vq7j-6pcq-f48p	38.0.0