CVE-2020-2099
CVSS v3.1
8.6 (High)
CVSS v2.0
7.5 (High)
EPSS
0.45 % (75th)
Affected Products
1
Advisories
3
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
Weaknesses
- CWE-330
- Use of Insufficiently Random Values
- CVE Status
- PUBLISHED
- CNA
- Jenkins Project
- Published Date
-
2020-01-29 16:15:12
(4 years ago) - Updated Date
-
2023-10-25 18:16:29
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...