GHSA-r78q-qgx6-64pp
GitHub Security Advisory
Memory usage graphs accessible to anyone with Overall/Read
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller.
Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permission beyond the general Overall/Read permission, allowing users who are not administrators to view JVM memory usage data.
Jenkins 2.219 and LTS 2.204.2 now require the Overall/Administer permission to view the JVM memory usage chart.
Affected Packages
Maven: org.jenkins-ci.main:jenkins-core
Affected versions: 0 (fixed in 2.204.2)
Maven: org.jenkins-ci.main:jenkins-core
Affected versions: 2.205 (fixed in 2.219)
Key Information
5.0/10
Dataset
Last updated: August 24, 2025 6:28 AM
Data from GitHub Advisory Database.