Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/jenkins@2.204.2.1583446818-1?arch=el7
Type rpm
Namespace redhat
Name jenkins
Version 2.204.2.1583446818-1
Qualifiers
arch el7
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-at4v-19pn-wqf2
vulnerability_id VCID-at4v-19pn-wqf2
summary
Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the `X-Frame-Options: deny` HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web page that embeds a REST API endpoint in an iframe and tricking the user into performing an action that would allow the attacker to learn the content of that REST API endpoint.

Jenkins 2.219, LTS 2.204.2 now adds the `X-Frame-Options: deny` HTTP header to REST API responses, which prevents these types of clickjacking attacks.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2105.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2105.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2105
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.56963
published_at 2026-04-01T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57105
published_at 2026-04-16T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57076
published_at 2026-04-13T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.571
published_at 2026-04-18T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.57121
published_at 2026-04-11T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.57109
published_at 2026-04-09T12:55:00Z
6
value 0.00345
scoring_system epss
scoring_elements 0.57107
published_at 2026-04-08T12:55:00Z
7
value 0.00345
scoring_system epss
scoring_elements 0.57079
published_at 2026-04-04T12:55:00Z
8
value 0.00345
scoring_system epss
scoring_elements 0.57057
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2105
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/639ade55caa05324c60d15b2fa8df27ee0111b76
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/639ade55caa05324c60d15b2fa8df27ee0111b76
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2105
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2105
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797068
reference_id 1797068
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797068
12
reference_url https://github.com/advisories/GHSA-7xp8-7wqx-5hqx
reference_id GHSA-7xp8-7wqx-5hqx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xp8-7wqx-5hqx
fixed_packages
aliases CVE-2020-2105, GHSA-7xp8-7wqx-5hqx
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at4v-19pn-wqf2
1
url VCID-kvq9-4uqu-pfah
vulnerability_id VCID-kvq9-4uqu-pfah
summary
Jenkins vulnerable to UDP amplification reflection attack
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier supports two network discovery services (UDP multicast/broadcast and DNS multicast) by default.

The UDP multicast/broadcast service can be used in an amplification reflection attack, as very few bytes sent to the respective endpoint result in much larger responses: A single byte request to this service would respond with more than 100 bytes of Jenkins metadata which could be used in a DDoS attack on a Jenkins controller. Within the same network, spoofed UDP packets could also be sent to make two Jenkins controllers go into an infinite loop of replies to one another, thus causing a denial of service.

Jenkins 2.219, LTS 2.204.2 now disables both UDP multicast/broadcast and DNS multicast by default.

Administrators who need these features can re-enable them by setting the system property `hudson.DNSMultiCast.disabled` to `false` (for DNS multicast) or the system property `hudson.udp` to `33848`, or another port (for UDP broadcast/multicast). These are the same system properties that controlled whether these features were enabled in the past, so any instances explicitly enabling these features by setting these system properties will continue to have them enabled.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2100.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2100.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2100
reference_id
reference_type
scores
0
value 0.0137
scoring_system epss
scoring_elements 0.80189
published_at 2026-04-04T12:55:00Z
1
value 0.0137
scoring_system epss
scoring_elements 0.80244
published_at 2026-04-18T12:55:00Z
2
value 0.0137
scoring_system epss
scoring_elements 0.80243
published_at 2026-04-16T12:55:00Z
3
value 0.0137
scoring_system epss
scoring_elements 0.80215
published_at 2026-04-13T12:55:00Z
4
value 0.0137
scoring_system epss
scoring_elements 0.8022
published_at 2026-04-12T12:55:00Z
5
value 0.0137
scoring_system epss
scoring_elements 0.80234
published_at 2026-04-11T12:55:00Z
6
value 0.0137
scoring_system epss
scoring_elements 0.80214
published_at 2026-04-09T12:55:00Z
7
value 0.0137
scoring_system epss
scoring_elements 0.80206
published_at 2026-04-08T12:55:00Z
8
value 0.0137
scoring_system epss
scoring_elements 0.80178
published_at 2026-04-07T12:55:00Z
9
value 0.0137
scoring_system epss
scoring_elements 0.80162
published_at 2026-04-01T12:55:00Z
10
value 0.0137
scoring_system epss
scoring_elements 0.80169
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2100
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/cd28a6d9347228b03da0e45653e23032342c2a36
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/cd28a6d9347228b03da0e45653e23032342c2a36
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2100
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2100
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797087
reference_id 1797087
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797087
12
reference_url https://github.com/advisories/GHSA-gpxv-776p-7gc7
reference_id GHSA-gpxv-776p-7gc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gpxv-776p-7gc7
fixed_packages
aliases CVE-2020-2100, GHSA-gpxv-776p-7gc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kvq9-4uqu-pfah
2
url VCID-qg4r-a3xt-kfbh
vulnerability_id VCID-qg4r-a3xt-kfbh
summary
Memory usage graphs accessible to anyone with Overall/Read
Jenkins includes a feature that shows a JVM memory usage chart for the Jenkins controller.

Access to the chart in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier requires no permissions beyond the general Overall/Read, allowing users who are not administrators to view JVM memory usage data.

Jenkins 2.219, LTS 2.204.2 now requires Overall/Administer permissions to view the JVM memory usage chart.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2104.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2104.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2104
reference_id
reference_type
scores
0
value 0.00473
scoring_system epss
scoring_elements 0.64734
published_at 2026-04-18T12:55:00Z
1
value 0.00473
scoring_system epss
scoring_elements 0.64607
published_at 2026-04-01T12:55:00Z
2
value 0.00473
scoring_system epss
scoring_elements 0.64659
published_at 2026-04-02T12:55:00Z
3
value 0.00473
scoring_system epss
scoring_elements 0.64687
published_at 2026-04-04T12:55:00Z
4
value 0.00473
scoring_system epss
scoring_elements 0.64645
published_at 2026-04-07T12:55:00Z
5
value 0.00473
scoring_system epss
scoring_elements 0.64694
published_at 2026-04-08T12:55:00Z
6
value 0.00473
scoring_system epss
scoring_elements 0.64709
published_at 2026-04-09T12:55:00Z
7
value 0.00473
scoring_system epss
scoring_elements 0.64726
published_at 2026-04-11T12:55:00Z
8
value 0.00473
scoring_system epss
scoring_elements 0.64714
published_at 2026-04-12T12:55:00Z
9
value 0.00473
scoring_system epss
scoring_elements 0.64686
published_at 2026-04-13T12:55:00Z
10
value 0.00473
scoring_system epss
scoring_elements 0.64722
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2104
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/7d44836fad0f49341ae2a61de06dbb556014a2df
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/7d44836fad0f49341ae2a61de06dbb556014a2df
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2104
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2104
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797065
reference_id 1797065
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797065
12
reference_url https://github.com/advisories/GHSA-r78q-qgx6-64pp
reference_id GHSA-r78q-qgx6-64pp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r78q-qgx6-64pp
fixed_packages
aliases CVE-2020-2104, GHSA-r78q-qgx6-64pp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qg4r-a3xt-kfbh
3
url VCID-s9rq-3bpy-83fu
vulnerability_id VCID-s9rq-3bpy-83fu
summary
Non-constant time HMAC comparison
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when checking whether two HMACs are equal. This could potentially allow attackers to use statistical methods to obtain a valid HMAC for an attacker-controlled input value.

Jenkins 2.219, LTS 2.204.2 now uses a constant-time comparison when validating HMACs.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2102.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2102.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2102
reference_id
reference_type
scores
0
value 0.01523
scoring_system epss
scoring_elements 0.81304
published_at 2026-04-18T12:55:00Z
1
value 0.01523
scoring_system epss
scoring_elements 0.8121
published_at 2026-04-02T12:55:00Z
2
value 0.01523
scoring_system epss
scoring_elements 0.81302
published_at 2026-04-16T12:55:00Z
3
value 0.01523
scoring_system epss
scoring_elements 0.81265
published_at 2026-04-13T12:55:00Z
4
value 0.01523
scoring_system epss
scoring_elements 0.81273
published_at 2026-04-12T12:55:00Z
5
value 0.01523
scoring_system epss
scoring_elements 0.81287
published_at 2026-04-11T12:55:00Z
6
value 0.01523
scoring_system epss
scoring_elements 0.81266
published_at 2026-04-09T12:55:00Z
7
value 0.01523
scoring_system epss
scoring_elements 0.81261
published_at 2026-04-08T12:55:00Z
8
value 0.01523
scoring_system epss
scoring_elements 0.81233
published_at 2026-04-07T12:55:00Z
9
value 0.01523
scoring_system epss
scoring_elements 0.81201
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2102
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/6f35dbb939ebe947bdb1979010b208480f1d0e31
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/6f35dbb939ebe947bdb1979010b208480f1d0e31
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2102
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2102
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797071
reference_id 1797071
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797071
12
reference_url https://github.com/advisories/GHSA-fj6f-6933-839j
reference_id GHSA-fj6f-6933-839j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj6f-6933-839j
fixed_packages
aliases CVE-2020-2102, GHSA-fj6f-6933-839j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rq-3bpy-83fu
4
url VCID-sejb-9wh7-k7c4
vulnerability_id VCID-sejb-9wh7-k7c4
summary
Jenkins Diagnostic page exposed session cookies
Jenkins shows various technical details about the current user on the `/whoAmI` page. In [a previous fix](https://www.jenkins.io/security/advisory/2019-09-25/#SECURITY-1505), the `Cookie` header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier.

This allows attackers able to exploit a cross-site scripting vulnerability to obtain the HTTP session ID value from this page.

Jenkins 2.219, LTS 2.204.2 no longer prints out the affected user metadata that might contain the HTTP session ID.

Additionally, as a hardening measure, we redact the values of further authentication-related HTTP headers besides `Cookie` on this page.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2103.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2103.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2103
reference_id
reference_type
scores
0
value 0.45215
scoring_system epss
scoring_elements 0.97583
published_at 2026-04-02T12:55:00Z
1
value 0.45215
scoring_system epss
scoring_elements 0.97609
published_at 2026-04-18T12:55:00Z
2
value 0.45215
scoring_system epss
scoring_elements 0.97608
published_at 2026-04-16T12:55:00Z
3
value 0.45215
scoring_system epss
scoring_elements 0.976
published_at 2026-04-13T12:55:00Z
4
value 0.45215
scoring_system epss
scoring_elements 0.97597
published_at 2026-04-11T12:55:00Z
5
value 0.45215
scoring_system epss
scoring_elements 0.97595
published_at 2026-04-09T12:55:00Z
6
value 0.45215
scoring_system epss
scoring_elements 0.97592
published_at 2026-04-08T12:55:00Z
7
value 0.45215
scoring_system epss
scoring_elements 0.97586
published_at 2026-04-07T12:55:00Z
8
value 0.45215
scoring_system epss
scoring_elements 0.97585
published_at 2026-04-04T12:55:00Z
9
value 0.45215
scoring_system epss
scoring_elements 0.97577
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2103
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/77f36f37f5e3cabd0e4ece16d46d7943454ed15b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/77f36f37f5e3cabd0e4ece16d46d7943454ed15b
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2103
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2103
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797062
reference_id 1797062
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797062
12
reference_url https://github.com/advisories/GHSA-4jjj-cm7q-v6hr
reference_id GHSA-4jjj-cm7q-v6hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4jjj-cm7q-v6hr
fixed_packages
aliases CVE-2020-2103, GHSA-4jjj-cm7q-v6hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sejb-9wh7-k7c4
5
url VCID-t8f3-q2yk-gqfk
vulnerability_id VCID-t8f3-q2yk-gqfk
summary
Non-constant time comparison of inbound TCP agent connection secret
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison when validating the connection secret as an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret.

Jenkins 2.219, LTS 2.204.2 now uses a constant-time comparison function for verifying connection secrets.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2101.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2101.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2101
reference_id
reference_type
scores
0
value 0.01645
scoring_system epss
scoring_elements 0.81912
published_at 2026-04-02T12:55:00Z
1
value 0.01645
scoring_system epss
scoring_elements 0.82003
published_at 2026-04-18T12:55:00Z
2
value 0.01645
scoring_system epss
scoring_elements 0.81968
published_at 2026-04-13T12:55:00Z
3
value 0.01645
scoring_system epss
scoring_elements 0.81973
published_at 2026-04-12T12:55:00Z
4
value 0.01645
scoring_system epss
scoring_elements 0.81984
published_at 2026-04-11T12:55:00Z
5
value 0.01645
scoring_system epss
scoring_elements 0.81965
published_at 2026-04-09T12:55:00Z
6
value 0.01645
scoring_system epss
scoring_elements 0.81957
published_at 2026-04-08T12:55:00Z
7
value 0.01645
scoring_system epss
scoring_elements 0.81931
published_at 2026-04-07T12:55:00Z
8
value 0.01645
scoring_system epss
scoring_elements 0.81934
published_at 2026-04-04T12:55:00Z
9
value 0.01645
scoring_system epss
scoring_elements 0.819
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2101
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/0ba36508187ff771bba87feaf03057496775064c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/0ba36508187ff771bba87feaf03057496775064c
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2101
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2101
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797084
reference_id 1797084
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797084
12
reference_url https://github.com/advisories/GHSA-w7jr-wqw6-54xc
reference_id GHSA-w7jr-wqw6-54xc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w7jr-wqw6-54xc
fixed_packages
aliases CVE-2020-2101, GHSA-w7jr-wqw6-54xc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t8f3-q2yk-gqfk
6
url VCID-urd7-cve7-dqdk
vulnerability_id VCID-urd7-cve7-dqdk
summary
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier includes support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While [this protocol was deprecated in 2018](https://www.jenkins.io/changelog-old/#v2.128) and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS 2.204.1, 2.213, and older.

This protocol incorrectly reuses encryption parameters, which allows an unauthenticated remote attacker to determine the connection secret. This secret can then be used to connect attacker-controlled Jenkins agents to the Jenkins controller.

Jenkins 2.204.2 no longer allows for the use of Inbound TCP Agent Protocol/3 by default. The system property `jenkins.slaves.JnlpSlaveAgentProtocol3.ALLOW_UNSAFE` can be set to `true` to allow enabling the Inbound TCP Agent Protocol/3 in Jenkins 2.204.2, but doing so is strongly discouraged.

Inbound TCP Agent Protocol/3 was removed completely from Jenkins 2.214 and will not be part of Jenkins LTS after the end of the 2.204.x line.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2099
reference_id
reference_type
scores
0
value 0.00643
scoring_system epss
scoring_elements 0.70603
published_at 2026-04-04T12:55:00Z
1
value 0.00643
scoring_system epss
scoring_elements 0.70689
published_at 2026-04-18T12:55:00Z
2
value 0.00643
scoring_system epss
scoring_elements 0.70681
published_at 2026-04-16T12:55:00Z
3
value 0.00643
scoring_system epss
scoring_elements 0.70636
published_at 2026-04-13T12:55:00Z
4
value 0.00643
scoring_system epss
scoring_elements 0.7065
published_at 2026-04-12T12:55:00Z
5
value 0.00643
scoring_system epss
scoring_elements 0.70665
published_at 2026-04-11T12:55:00Z
6
value 0.00643
scoring_system epss
scoring_elements 0.70642
published_at 2026-04-09T12:55:00Z
7
value 0.00643
scoring_system epss
scoring_elements 0.70626
published_at 2026-04-08T12:55:00Z
8
value 0.00643
scoring_system epss
scoring_elements 0.70581
published_at 2026-04-07T12:55:00Z
9
value 0.00643
scoring_system epss
scoring_elements 0.70574
published_at 2026-04-01T12:55:00Z
10
value 0.00643
scoring_system epss
scoring_elements 0.70587
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2099
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2099
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2099
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797080
reference_id 1797080
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797080
12
reference_url https://github.com/advisories/GHSA-qp4f-2w67-c8hw
reference_id GHSA-qp4f-2w67-c8hw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp4f-2w67-c8hw
fixed_packages
aliases CVE-2020-2099, GHSA-qp4f-2w67-c8hw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urd7-cve7-dqdk
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1583446818-1%3Farch=el7