5.4
CVE-2020-2105
- EPSS 1.85%
- Veröffentlicht 29.01.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:24:38
- Quelle jenkinsci-cert@googlegroups.co
- CVE-Watchlists
- Unerledigt
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.85% | 0.763 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-1021 Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
https://access.redhat.com/errata/RHSA-2020:0681
https://access.redhat.com/errata/RHSA-2020:0683
http://www.openwall.com/lists/oss-security/2020/01/29/1
https://access.redhat.com/errata/RHBA-2020:0402
https://access.redhat.com/errata/RHBA-2020:0675
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1704