CVE-2020-2103

nvd nist nuclei

Published: Jan 29, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.

Affected (2)

Products: Jenkins: Jenkins

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.218
Jenkins Jenkins	Up to 2.204.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://www.openwall.com/lists/oss-security/2020/01/29/1

Source: jenkinsci-cert@googlegroups.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2020:0402

Source: jenkinsci-cert@googlegroups.com

https://access.redhat.com/errata/RHBA-2020:0675

Source: jenkinsci-cert@googlegroups.com

https://access.redhat.com/errata/RHSA-2020:0681

Source: jenkinsci-cert@googlegroups.com

https://access.redhat.com/errata/RHSA-2020:0683

Source: jenkinsci-cert@googlegroups.com

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2020/01/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2020:0402

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHBA-2020:0675

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2020:0681

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2020:0683

Source: af854a3a-2127-422b-91ae-364da2661108

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.