| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-2099 | 7.5 |
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2104 | 4.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2100 | 5.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2103 | 4.0 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2102 | 3.5 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2101 | 3.5 |
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-2105 | 4.3 |
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
|
25-10-2023 - 18:16 | 29-01-2020 - 16:15 | |
| CVE-2020-8945 | 5.1 |
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
|
18-10-2022 - 17:59 | 12-02-2020 - 18:15 |