CVE-2020-2196 — Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS comma

Description

Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints. This allows attackers to perform the following actions: - Restart the Selenium Grid hub. - Delete or replace the plugin configuration. - Start, stop, or restart Selenium configurations on specific nodes. Through carefully chosen configuration parameters, these actions can result in OS command injection on the Jenkins controller.

How to fix CVE-2020-2196

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2020-2196 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 3.141.59

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-2196
PATCHgithub.com/jenkinsci/selenium-plugin
WEBjenkins.io/security/advisory/2020-06-03/#SECURITY-1766
WEBwww.openwall.com/lists/oss-security/2020/06/03/3
WEB