CVE-2020-2099

HIGH Year: 2020
CVSS v3 Score
8.6
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-330
View all →

Vulnerability Description

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.

Related Vulnerabilities

CVE-2023-22601

HIGH
CVSS:8.6(High)

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do...

CWE-3302023

CVE-2017-17091

HIGH
CVSS:8.8(High)

wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions...

CWE-3302017

CVE-2019-16205

HIGH
CVSS:8.8(High)

A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several pos...

CWE-3302019

CVE-2020-27264

HIGH
CVSS:8.8(High)

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which a...

CWE-3302020

CVE-2020-9449

HIGH
CVSS:8.8(High)

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to esc...

CWE-3302020

CVE-2021-22038

HIGH
CVSS:8.8(High)

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This ...

CWE-3302021