Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.214
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.219
Latest_non_vulnerable_version 2.555
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-urd7-cve7-dqdk
vulnerability_id VCID-urd7-cve7-dqdk
summary
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier include support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While [this protocol was deprecated in 2018](https://www.jenkins.io/changelog-old/#v2.128) and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS 2.204.1, 2.213, and older.

This protocol incorrectly reuses encryption parameters, which allows an unauthenticated remote attacker to determine the connection secret. This secret can then be used to connect attacker-controlled Jenkins agents to the Jenkins controller.

Jenkins 2.204.2 no longer allows for the use of Inbound TCP Agent Protocol/3 by default. The system property `jenkins.slaves.JnlpSlaveAgentProtocol3.ALLOW_UNSAFE` can be set to `true` to allow enabling the Inbound TCP Agent Protocol/3 in Jenkins 2.204.2, but doing so is strongly discouraged.

Inbound TCP Agent Protocol/3 was removed completely from Jenkins 2.214 and will not be part of Jenkins LTS after the end of the 2.204.x line.
references
0
reference_url https://access.redhat.com/errata/RHBA-2020:0402
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0402
1
reference_url https://access.redhat.com/errata/RHBA-2020:0675
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2020:0675
2
reference_url https://access.redhat.com/errata/RHSA-2020:0681
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0681
3
reference_url https://access.redhat.com/errata/RHSA-2020:0683
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0683
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-2099
reference_id
reference_type
scores
0
value 0.00643
scoring_system epss
scoring_elements 0.70581
published_at 2026-04-07T12:55:00Z
1
value 0.00643
scoring_system epss
scoring_elements 0.70721
published_at 2026-04-24T12:55:00Z
2
value 0.00643
scoring_system epss
scoring_elements 0.70668
published_at 2026-04-21T12:55:00Z
3
value 0.00643
scoring_system epss
scoring_elements 0.70689
published_at 2026-04-18T12:55:00Z
4
value 0.00643
scoring_system epss
scoring_elements 0.70681
published_at 2026-04-16T12:55:00Z
5
value 0.00643
scoring_system epss
scoring_elements 0.70636
published_at 2026-04-13T12:55:00Z
6
value 0.00643
scoring_system epss
scoring_elements 0.7065
published_at 2026-04-12T12:55:00Z
7
value 0.00643
scoring_system epss
scoring_elements 0.70665
published_at 2026-04-11T12:55:00Z
8
value 0.00643
scoring_system epss
scoring_elements 0.70642
published_at 2026-04-09T12:55:00Z
9
value 0.00643
scoring_system epss
scoring_elements 0.70603
published_at 2026-04-04T12:55:00Z
10
value 0.00643
scoring_system epss
scoring_elements 0.70626
published_at 2026-04-08T12:55:00Z
11
value 0.00643
scoring_system epss
scoring_elements 0.70574
published_at 2026-04-01T12:55:00Z
12
value 0.00643
scoring_system epss
scoring_elements 0.70587
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-2099
6
reference_url https://github.com/jenkinsci/jenkins
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins
7
reference_url https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854
8
reference_url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-2099
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-2099
10
reference_url http://www.openwall.com/lists/oss-security/2020/01/29/1
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/01/29/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1797080
reference_id 1797080
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1797080
12
reference_url https://github.com/advisories/GHSA-qp4f-2w67-c8hw
reference_id GHSA-qp4f-2w67-c8hw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp4f-2w67-c8hw
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
1
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
2
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
aliases CVE-2020-2099, GHSA-qp4f-2w67-c8hw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urd7-cve7-dqdk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.214