[Bug 1797080] New: CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass - java-sig-commits - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

December

[Bug 1797080] New: CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

[Bug 1799477] New: CVE-2020-5398...

[Bug 1797081] New: CVE-2020-2099...

bugzilla＠redhat.com

Friday, 31 January 2020 Fri, 31 Jan '20

2:59 p.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Bug ID: 1797080 Summary: CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com, aos-bugs(a)redhat.com, bmontgom(a)redhat.com, eparis(a)redhat.com, extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jburrell(a)redhat.com, jokerman(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, nstielau(a)redhat.com, pbhattac(a)redhat.com, sponnaga(a)redhat.com, vbobade(a)redhat.com, wzheng(a)redhat.com Target Milestone: --- Classification: Other Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. References: https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682 http://www.openwall.com/lists/oss-security/2020/01/29/1 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Show replies by thread

bugzilla＠redhat.com

Friday, 31 January Fri, 31 Jan

2:59 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Pedro Sampaio <psampaio(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1797081 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1797081 [Bug 1797081] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

2:59 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 --- Comment #1 from Pedro Sampaio <psampaio(a)redhat.com> --- Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1797081] -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

3:13 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Pedro Sampaio <psampaio(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1797089 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

7:07 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |high Severity|medium |high -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

7:47 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1797143 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

7:49 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1797144 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

7:53 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1797146 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

8:01 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 --- Comment #5 from Sam Fowler <sfowler(a)redhat.com> --- "Any security advisory related updates to Jenkins core or the plugins we include in the OpenShift Jenkins master image will only occur in the v3.11 and v4.x branches of this repository." https://github.com/openshift/jenkins/blob/master/README.md#jenkins-securi... -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Tuesday, 3 March Tue, 3 Mar

3:07 a.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 --- Comment #6 from Akram Ben Aissi <abenaiss(a)redhat.com> --- This bug has been fixed by https://errata.devel.redhat.com/advisory/50532 that brought Jenkins 2.204.2 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Thursday, 12 March Thu, 12 Mar

3:52 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Akram Ben Aissi <abenaiss(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1813070 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Thursday, 2 July Thu, 2 Jul

10:31 a.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 --- Doc Text *updated* by Eric Christensen <sparks(a)redhat.com> --- A flaw was found in Jenkins. Encryption key parameters are improperly reused in the Inbound TCP Agent Protocol/3 allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents. The highest threat from this vulnerability is to data confidentiality. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Wednesday, 26 August Wed, 26 Aug

11:38 a.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Vibhav Bobade <vbobade(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG Last Closed| |2020-08-26 16:38:11 --- Comment #7 from Vibhav Bobade <vbobade(a)redhat.com> --- Closing as bug is already fixed -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

11:20 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |NEW CC| |sfowler(a)redhat.com Resolution|NOTABUG |--- Keywords| |Reopened -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Thursday, 27 August Thu, 27 Aug

9:48 a.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Vikas Laad <vlaad(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1873172 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

bugzilla＠redhat.com

Tuesday, 24 November Tue, 24 Nov

1:15 p.m.

New subject: [Bug 1797080] CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1797080 Bug 1797080 depends on bug 1797081, which changed state. Bug 1797081 Summary: CVE-2020-2099 jenkins: Inbound TCP Agent Protocol/3 authentication bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1797081 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL -- You are receiving this mail because: You are on the CC list for the bug.

Reply

1273

days inactive

1571

days old

java-sig-commits@lists.fedoraproject.org

Manage subscription

15 comments

1 participants

tags (0)

participants (1)

bugzilla＠redhat.com