CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2105
https://notcve.org/view.php?id=CVE-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. Los endpoint de la API REST en Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a los ataques de secuestro de cliqueo. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2103
https://notcve.org/view.php?id=CVE-2020-2103
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, expuso identificadores de sesión en un objeto de detalles de usuario en la página de diagnóstico whoAmI. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2104
https://notcve.org/view.php?id=CVE-2020-2104
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, permitieron a usuarios con acceso General y de Lectura visualizar un gráfico de uso de memoria de JVM. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1650 • CWE-863: Incorrect Authorization •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2100
https://notcve.org/view.php?id=CVE-2020-2100
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, eran vulnerables a un ataque de denegación de servicio de reflexión de amplificación UDP en el puerto 33848. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2101
https://notcve.org/view.php?id=CVE-2020-2101
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret. Jenkins versiones 2.218 y anteriores, versiones LTS 2.204.1 y anteriores, no usaban una función de comparación de tiempo constante para comprobar secretos de conexión, lo que podría potencialmente permitir a un atacante usar un ataque de sincronización para obtener este secreto. • http://www.openwall.com/lists/oss-security/2020/01/29/1 https://access.redhat.com/errata/RHBA-2020:0402 https://access.redhat.com/errata/RHBA-2020:0675 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0683 https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1659 • CWE-203: Observable Discrepancy •