Lucene search

K
nvd[email protected]NVD:CVE-2020-2103
HistoryJan 29, 2020 - 4:15 p.m.

CVE-2020-2103

2020-01-2916:15:12
CWE-200
web.nvd.nist.gov
1

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.005

Percentile

77.1%

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user’s detail object in the whoAmI diagnostic page.

Affected configurations

NVD
Node
jenkinsjenkinsRange≀2.204.1lts
OR
jenkinsjenkinsRange≀2.218-

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.005

Percentile

77.1%