VDB

BIT-jenkins-2020-2099

BIT-jenkins-2020-2099 PUBLISHED CVSS 8.600000381469727 HIGH

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products

VendorProductVersions
Bitnamijenkins0, 0, 0

Timeline

  • Mar 6, 2024 CVE Published
  • Apr 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›