Jenkins Security Advisory 2020-03-09
Affects plugin: Audit Trail Affects plugin: Backlog Affects plugin: Cobertura Affects plugin: CryptoMove Affects plugin: DeployHub Affects plugin: Git Affects plugin: Literate Affects plugin: Logstash Affects plugin: Mac Affects plugin: OpenShift Deployer Affects plugin: P4 Affects plugin: Quality Gates Affects plugin: Repository Connector Affects plugin: Rundeck Affects plugin: Script Security Affects plugin: Skytap Cloud CI Affects plugin: Sonar Quality Gates Affects plugin: Subversion Release Manager Affects plugin: Timestamper Affects plugin: Zephyr Enterprise Test Management Affects plugin: Zephyr for JIRA Test Management
Details
Original advisory: https://www.jenkins.io/security/advisory/2020-03-09/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2020-21341.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 59% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21351.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 59% of all scored CVEs.
- Low exploitation riskCVE-2020-21360.85% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 54% of all scored CVEs.
- Low exploitation riskCVE-2020-21370.70% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 49% of all scored CVEs.
- Low exploitation riskCVE-2020-21380.93% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 56% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21391.6% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 73% of all scored CVEs.
- Exploitation likely imminentCVE-2020-2140EPSS puts this in the most-targeted tier (76.0% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 99% of all scored CVEs.
- Low exploitation riskCVE-2020-21410.64% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 46% of all scored CVEs.
- Low exploitation riskCVE-2020-21420.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2020-21430.61% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18