CVE-2020-2101

Summary

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkinsunspecified <= 2.218affected
Jenkins projectJenkinsunspecified <= LTS 2.204.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References