Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-urd7-cve7-dqdk

Summary

Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier includes support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While [this protocol has been deprecated in 2018](https://www.jenkins.io/changelog-old/#v2.128) and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS 2.204.1, 2.213, and older.

This protocol incorrectly reuses encryption parameters which allow an unauthenticated remote attacker to determine the connection secret. This secret can then be used to connect attacker-controlled Jenkins agents to the Jenkins controller.

Jenkins 2.204.2 no longer allows for the use of Inbound TCP Agent Protocol/3 by default. The system property `jenkins.slaves.JnlpSlaveAgentProtocol3.ALLOW_UNSAFE` can be set to `true` to allow enabling the Inbound TCP Agent Protocol/3 in Jenkins 2.204.2, but doing so is strongly discouraged.

Inbound TCP Agent Protocol/3 was removed completely from Jenkins 2.214 and will not be part of Jenkins LTS after the end of the 2.204.x line.

Aliases

alias	CVE-2020-2099

alias	GHSA-qp4f-2w67-c8hw

Fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.214
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.214

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.219

Affected_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9c49-hb3u-n7dq

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e?arch=el7

purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e%3Farch=el7

url pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56?arch=el7

purl pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a?arch=el7

purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2?arch=el7

purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05?arch=el7

purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177?arch=el7

purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6?arch=el7

purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979?arch=el7

purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b?arch=el7

purl pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b%3Farch=el7

url pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba?arch=el7

purl pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba%3Farch=el7

url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83?arch=el7

purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98%3Farch=el7

url pkg:rpm/redhat/jenkins@2.204.2.1580891656-1?arch=el7

purl pkg:rpm/redhat/jenkins@2.204.2.1580891656-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1580891656-1%3Farch=el7

url pkg:rpm/redhat/jenkins@2.204.2.1583446818-1?arch=el7

purl pkg:rpm/redhat/jenkins@2.204.2.1583446818-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1583446818-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1%3Farch=el7

url pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564?arch=el7

purl pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b%3Farch=el7

url pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1?arch=el7

purl pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1%3Farch=el7

References

reference_url

https://access.redhat.com/errata/RHBA-2020:0402

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2020:0402

reference_url

https://access.redhat.com/errata/RHBA-2020:0675

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2020:0675

reference_url

https://access.redhat.com/errata/RHSA-2020:0681

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0681

reference_url

https://access.redhat.com/errata/RHSA-2020:0683

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0683

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2099

reference_id

reference_type

scores

value	0.00643
scoring_system	epss
scoring_elements	0.70587
published_at	2026-04-02T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70681
published_at	2026-04-16T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70636
published_at	2026-04-13T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.7065
published_at	2026-04-12T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70665
published_at	2026-04-11T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70642
published_at	2026-04-09T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70626
published_at	2026-04-08T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70581
published_at	2026-04-07T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70603
published_at	2026-04-04T12:55:00Z

value	0.00643
scoring_system	epss
scoring_elements	0.70574
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2099

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854

reference_url

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2099

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2099

reference_url

http://www.openwall.com/lists/oss-security/2020/01/29/1

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/01/29/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1797080
reference_id	1797080
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1797080

reference_url

https://github.com/advisories/GHSA-qp4f-2w67-c8hw

reference_id

GHSA-qp4f-2w67-c8hw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qp4f-2w67-c8hw

Weaknesses

cwe_id	323
name	Reusing a Nonce, Key Pair in Encryption
description	Nonces should be used for the present occasion and only once.

cwe_id	330
name	Use of Insufficiently Random Values
description	The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

cwe_id	305
name	Authentication Bypass by Primary Weakness
description	The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urd7-cve7-dqdk

Vulnerability Instance