CVE-2020-2260

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Published Feb 4, 2026

https://github.com/advisories/GHSA-3h2q-m63q-9cf6

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2020-2260

A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.

Published Feb 4, 2026

https://github.com/advisories/GHSA-3h2q-m63q-9cf6

CVSS ScoreMedium

4.3


maven	io.jenkins.plugins/perfecto	1.12
maven	io.jenkins.plugins/perfecto	1.13
maven	io.jenkins.plugins/perfecto	1.14
maven	io.jenkins.plugins/perfecto	1.15
maven	io.jenkins.plugins/perfecto	1.16
maven	io.jenkins.plugins/perfecto	1.17

Ecosystem	Package	Version


maven	io.jenkins.plugins/perfecto	1.12
maven	io.jenkins.plugins/perfecto	1.13
maven	io.jenkins.plugins/perfecto	1.14
maven	io.jenkins.plugins/perfecto	1.15
maven	io.jenkins.plugins/perfecto	1.16
maven	io.jenkins.plugins/perfecto	1.17

Find vulnerabilities. Fix fast with AI.

CVE-2020-2260

CVE-2020-2260