Lucene search

K
cvelistJenkinsCVELIST:CVE-2020-2101
HistoryJan 29, 2020 - 3:15 p.m.

CVE-2020-2101

2020-01-2915:15:28
jenkins
www.cve.org

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.

CNA Affected

[
  {
    "product": "Jenkins",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "LTS 2.204.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%