Ecosystem	Package	Version

Vulnerabilities

CVE-2020-2258

CVE-2020-2258

Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint.

Published Feb 3, 2026

https://github.com/advisories/GHSA-c445-xm3f-hmfh

CVSS ScoreMedium

4.3

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.0
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.1
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.2
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.3
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.4
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	1.5
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	2.10
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	2.11
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.0.1
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.0.2
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.0
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.1.0
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.1.1
maven	org.jenkins-ci.plugins/cloudbees-jenkins-advisor	3.2.0

CVE-2020-2258 | Components Impacted | Sonatype Guide | Sonatype Guide