6 matches found
BIT-JENKINS-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
BIT-JENKINS-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
jenkins: REST APIs vulnerable to clickjacking
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
CVE-2020-2104
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart...
Design/Logic Flaw
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...
PT-2020-15309 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.218 and earlier Jenkins LTS versions 2.204.1 and earlier Description: The issue arises from a non-constant time comparison function used when validating an HMAC. This could potentially allow attackers to use statistical...