VDB

CVE-2020-2101

CVE-2020-2101 PUBLISHED

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.

EPSS 1.65% · 82.3th percentile

Risk Scores

EPSS Score
1.65%
82.3th percentile

Affected Products

VendorProductVersions
Bitnamijenkins0
Bitnamijenkins0

Timeline

  • Jan 29, 2020 CVE Published
  • Mar 17, 2020 CVE Updated
  • Apr 14, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 5, 2025 EPSS Score
  • Jun 1, 2025 EPSS Score
  • Jun 6, 2025 EPSS Score
  • Jun 24, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›