Lucene search

Redhat.comRH:CVE-2020-2103

HistoryJan 31, 2020 - 8:09 p.m.

CVE-2020-2103

2020-01-3120:09:10

redhat.com

access.redhat.com

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user’s detail object in the whoAmI diagnostic page.

References

bugzilla.redhat.com/show_bug.cgi?id=1797062

nvd.nist.gov/vuln/detail/CVE-2020-2103

www.cve.org/CVERecord?id=CVE-2020-2103

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for RH:CVE-2020-2103