CVE-2020-2105
https://notcve.org/view.php?id=CVE-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. Los endpoint de la API REST en Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a los ataques de secuestro de cliqueo. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2020-2103
https://notcve.org/view.php?id=CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, expuso identificadores de sesión en un objeto de detalles de usuario en la página de diagnóstico whoAmI. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-2104
https://notcve.org/view.php?id=CVE-2020-2104
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, permitieron a usuarios con acceso General y de Lectura visualizar un gráfico de uso de memoria de JVM. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650 • CWE-863: Incorrect Authorization •
CVE-2020-2100
https://notcve.org/view.php?id=CVE-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a un ataque de denegación de servicio de reflexión de amplificación UDP en el puerto 33848. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641 •
CVE-2020-2102
https://notcve.org/view.php?id=CVE-2020-2102
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, usó una función de comparación de tiempo no constante cuando se compara un HMAC. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1660 • CWE-203: Observable Discrepancy •