Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-at4v-19pn-wqf2

Summary

Jenkins REST APIs vulnerable to clickjacking
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not serve the `X-Frame-Options: deny` HTTP header on REST API responses to protect against clickjacking attacks. An attacker could exploit this by routing the victim through a specially crafted web page that embeds a REST API endpoint in an iframe and tricking the user into performing an action which would allow for the attacker to learn the content of that REST API endpoint.

Jenkins 2.219, LTS 2.204.2 now adds the `X-Frame-Options: deny` HTTP header to REST API responses, which prevents these types of clickjacking attacks.

Aliases

alias	CVE-2020-2105

alias	GHSA-7xp8-7wqx-5hqx

Fixed_packages

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.2

url	pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
purl	pkg:maven/org.jenkins-ci.main/jenkins-core@2.219
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.219

Affected_packages

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.1

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-t8f3-q2yk-gqfk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.204.1

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9c49-hb3u-n7dq

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.205

url pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.218

url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e?arch=el7

purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.170-1.git.1.91db82e%3Farch=el7

url pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56?arch=el7

purl pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.170-1.git.0.00cac56%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a?arch=el7

purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.170-1.git.1.0a0df6a%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2?arch=el7

purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.170-1.git.1.9ad83f2%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05?arch=el7

purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.170-1.git.1.55fab05%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177?arch=el7

purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.170-1.git.1.357f177%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6?arch=el7

purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.170-1.git.1.b1f90a6%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979?arch=el7

purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.170-1.git.1.8328979%3Farch=el7

url pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b?arch=el7

purl pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.11.170-1.git.1.3d64e8b%3Farch=el7

url pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba?arch=el7

purl pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.11.16-0.5.dev.rhaos3.11.git3f89eba%3Farch=el7

url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83?arch=el7

purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.170-1.git.1.b49be83%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.170-1.git.1.61d7960%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.170-1.git.1.51473b7%3Farch=el7

url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98?arch=el7

purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.170-1.git.1.227bc98%3Farch=el7

url pkg:rpm/redhat/jenkins@2.204.2.1580891656-1?arch=el7

purl pkg:rpm/redhat/jenkins@2.204.2.1580891656-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1580891656-1%3Farch=el7

url pkg:rpm/redhat/jenkins@2.204.2.1583446818-1?arch=el7

purl pkg:rpm/redhat/jenkins@2.204.2.1583446818-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins@2.204.2.1583446818-1%3Farch=el7

url pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1?arch=el7

purl pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jenkins-2-plugins@3.11.1579107288-1%3Farch=el7

url pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564?arch=el7

purl pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.170-2.git.5.8802564%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.170-1.git.1.dfe6c52%3Farch=el7

url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b?arch=el7

purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.170-1.git.1.661684b%3Farch=el7

url pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1?arch=el7

purl pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3s9f-prpy-hbcx

vulnerability	VCID-at4v-19pn-wqf2

vulnerability	VCID-kvq9-4uqu-pfah

vulnerability	VCID-qg4r-a3xt-kfbh

vulnerability	VCID-s9rq-3bpy-83fu

vulnerability	VCID-sejb-9wh7-k7c4

vulnerability	VCID-t8f3-q2yk-gqfk

vulnerability	VCID-urd7-cve7-dqdk

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-kuryr@3.11.170-1.git.1.7265da1%3Farch=el7

References

reference_url

https://access.redhat.com/errata/RHBA-2020:0402

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2020:0402

reference_url

https://access.redhat.com/errata/RHBA-2020:0675

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHBA-2020:0675

reference_url

https://access.redhat.com/errata/RHSA-2020:0681

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0681

reference_url

https://access.redhat.com/errata/RHSA-2020:0683

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2020:0683

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2105.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-2105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-2105

reference_id

reference_type

scores

value	0.00345
scoring_system	epss
scoring_elements	0.56963
published_at	2026-04-01T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57105
published_at	2026-04-16T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57076
published_at	2026-04-13T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.571
published_at	2026-04-12T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57121
published_at	2026-04-11T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57109
published_at	2026-04-09T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57107
published_at	2026-04-08T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57079
published_at	2026-04-04T12:55:00Z

value	0.00345
scoring_system	epss
scoring_elements	0.57057
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-2105

reference_url

https://github.com/jenkinsci/jenkins

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins

reference_url

https://github.com/jenkinsci/jenkins/commit/639ade55caa05324c60d15b2fa8df27ee0111b76

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/jenkinsci/jenkins/commit/639ade55caa05324c60d15b2fa8df27ee0111b76

reference_url

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-2105

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-2105

reference_url

http://www.openwall.com/lists/oss-security/2020/01/29/1

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/01/29/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1797068
reference_id	1797068
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1797068

reference_url

https://github.com/advisories/GHSA-7xp8-7wqx-5hqx

reference_id

GHSA-7xp8-7wqx-5hqx

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7xp8-7wqx-5hqx

Weaknesses

cwe_id	1021
name	Improper Restriction of Rendered UI Layers or Frames
description	The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

cwe_id	227
name	7PK - API Abuse
description	This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that involve the software using an API in a manner contrary to its intended use. According to the authors of the Seven Pernicious Kingdoms, "An API is a contract between a caller and a callee. The most common forms of API misuse occurs when the caller does not honor its end of this contract. For example, if a program does not call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good example of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller misuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication purposes). One can also violate the caller-callee contract from the other side. For example, if a coder subclasses SecureRandom and returns a non-random value, the contract is violated."

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 3.1

Exploitability 0.5

Weighted_severity 2.8

Risk_score 1.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-at4v-19pn-wqf2

Vulnerability Instance