Description

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.

Remediation

References

CVE-2020-2099

Related Vulnerabilities

WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)

SharePoint CVE-2023-33142 Vulnerability (CVE-2023-33142)

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4370)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)

Severity

High

Classification

CVE-2020-2099 CWE-330 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Missing Update Known Vulnerabilities