Lucene search
JenkinsCVELIST:CVE-2020-2099HistoryJan 29, 2020 - 3:15 p.m.
CVE-2020-2099
2020-01-2915:15:27
jenkins
www.cve.org
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
CNA Affected
[
{
"product": "Jenkins",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.213",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "LTS 2.204.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2020-2099
2020-01-29 16:15:12
osv
osv
CVE-2020-2099
2020-01-29 16:15:12
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
2022-05-24 17:07:40
BIT-jenkins-2020-2099
2024-03-06 11:07:09
prion
prion
Design/Logic Flaw
2020-01-29 16:15:00
redhatcve
redhatcve
CVE-2020-2099
2020-01-31 21:09:10
github
github
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
2022-05-24 17:07:40
openvas
openvas
Jenkins < 2.214, < 2.204.2 LTS Authentication Bypass Vulnerability - Linux
2020-02-04 00:00:00
Jenkins < 2.214, < 2.204.2 LTS Authentication Bypass Vulnerability - Windows
2020-02-04 00:00:00
nvd
nvd
CVE-2020-2099
2020-01-29 16:15:12
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2020-01-29 00:00:00