Security Advisory

CVE-2020-2099

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-29 15:15:27

Last updated 2024-08-04 07:01:39

Assigner jenkins

State PUBLISHED

Description

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.

← Browse all CVEs View on cve.org ↗