CVE-2020-2185

CWE-300CWE-8356 documents6 sources
Severity
5.6MEDIUM
EPSS
0.1%
top 72.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Amazon EC2 PluginJenkins Amazon EC2
Timeline
PublishedMay 6
Latest updateMay 24

Description

Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_amazon_ec2_pluginunspecified1.50.1
NVDjenkins/amazon_ec21.50.1

🔴Vulnerability Details

3
GHSA
Missing SSH host key validation in Jenkins Amazon EC2 Plugin2022-05-24
OSV
Missing SSH host key validation in Jenkins Amazon EC2 Plugin2022-05-24
CVEList
CVE-2020-2185: Jenkins Amazon EC2 Plugin 12020-05-06

📋Vendor Advisories

2
Jenkins
Jenkins Security Advisory 2020-05-062020-05-06
Red Hat
kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults2020-04-21