Lucene search

K
cvelistJenkinsCVELIST:CVE-2020-2102
HistoryJan 29, 2020 - 3:15 p.m.

CVE-2020-2102

2020-01-2915:15:28
jenkins
www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC.

CNA Affected

[
  {
    "product": "Jenkins",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.218",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "LTS 2.204.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.6%