FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- multiple vulnerabilities

Affected packages
jenkins <= 2.219
jenkins-lts <= 2.204.2

Details

VuXML ID: a250539d-d1d4-4591-afd3-c8bdfac335d8
Discovery: 2020-01-29
Entry: 2020-01-29

Jenkins Security Advisory:

Description

(High) SECURITY-1682 / CVE-2020-2099

Inbound TCP Agent Protocol/3 authentication bypass

(Medium) SECURITY-1641 / CVE-2020-2100

Jenkins vulnerable to UDP amplification reflection attack

(Medium) SECURITY-1659 / CVE-2020-2101

Non-constant time comparison of inbound TCP agent connection secret

(Medium) SECURITY-1660 / CVE-2020-2102

Non-constant time HMAC comparison

(Medium) SECURITY-1695 / CVE-2020-2103

Diagnostic page exposed session cookies

(Medium) SECURITY-1650 / CVE-2020-2104

Memory usage graphs accessible to anyone with Overall/Read

(Low) SECURITY-1704 / CVE-2020-2105

Jenkins REST APIs vulnerable to clickjacking

(Medium) SECURITY-1680 / CVE-2020-2106

Stored XSS vulnerability in Code Coverage API Plugin

(Medium) SECURITY-1565 / CVE-2020-2107

Fortify Plugin stored credentials in plain text

(High) SECURITY-1719 / CVE-2020-2108

XXE vulnerability in WebSphere Deployer Plugin

References

CVE Name: CVE-2020-2099
CVE Name: CVE-2020-2100
CVE Name: CVE-2020-2101
CVE Name: CVE-2020-2102
CVE Name: CVE-2020-2103
CVE Name: CVE-2020-2104
CVE Name: CVE-2020-2105
CVE Name: CVE-2020-2106
CVE Name: CVE-2020-2107
CVE Name: CVE-2020-2108
URL: https://jenkins.io/security/advisory/2020-01-29/