Jenkins Security Advisory 2020-02-12
Affects plugin: Applatix Affects plugin: BMC Release Package and Deployment Affects plugin: brakeman Affects plugin: debian-package-builder Affects plugin: DigitalOcean Affects plugin: Dynamic Extended Choice Parameter Affects plugin: Eagle Tester Affects plugin: ECX Copy Data Management Affects plugin: FitNesse Affects plugin: Git Parameter Affects plugin: Google Kubernetes Engine Affects plugin: Harvest SCM Affects plugin: Microsoft Entra ID (previously Azure AD) Affects plugin: NUnit Affects plugin: Parasoft Environment Manager Affects plugin: Pipeline GitHub Notify Step Affects plugin: Pipeline: Groovy Affects plugin: RadarGun Affects plugin: S3 publisher Affects plugin: Script Security Affects plugin: Subversion
Details
Original advisory: https://www.jenkins.io/security/advisory/2020-02-12/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2020-21091.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 66% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21101.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 66% of all scored CVEs.
- Low exploitation riskCVE-2020-21110.93% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 56% of all scored CVEs.
- Low exploitation riskCVE-2020-21120.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2020-21130.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21141.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 61% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21151.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 63% of all scored CVEs.
- Low exploitation riskCVE-2020-21160.68% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2020-21170.68% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2020-21180.68% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18