{"id":"CVE-2020-2281","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.","aliases":["GHSA-rvww-w62m-hch8"],"modified":"2026-04-10T04:24:43.816399Z","published":"2020-09-23T14:15:13.210Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-09-23/#SECURITY-1958"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/09/23/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/lockable-resources-plugin","events":[{"introduced":"0"},{"last_affected":"b7ec81a3056419046fd0ed708cbd7130be212d0e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.8"}]}}],"versions":["lockable-resources-1.0","lockable-resources-1.1","lockable-resources-1.10","lockable-resources-1.2","lockable-resources-1.3","lockable-resources-1.4","lockable-resources-1.5","lockable-resources-1.6","lockable-resources-1.7","lockable-resources-1.8","lockable-resources-1.9","lockable-resources-2.0","lockable-resources-2.1","lockable-resources-2.2","lockable-resources-2.3","lockable-resources-2.4","lockable-resources-2.5","lockable-resources-2.6","lockable-resources-2.7","lockable-resources-2.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2281.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}]}