CVE-2020-2099
Published: 2020-01-29
Severity: High, 8.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | code_coverage_plugin | — | — |
| jenkins | fortify_plugin | — | — |
| jenkins | jenkins | <= 2.204.1 | — |
| jenkins | jenkins | <= 2.218 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | websphere_deployer_plugin | — | — |
| jenkins_project | jenkins | unspecified – 2.213 | — |