Jenkins Security Advisory 2020-03-25
Affects Jenkins Core Affects plugin: Artifactory Affects plugin: Azure Container Service Affects plugin: OpenShift Pipeline Affects plugin: Pipeline: AWS Steps Affects plugin: Queue cleanup Affects plugin: RapidDeploy
Details
Original advisory: https://www.jenkins.io/security/advisory/2020-03-25/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2020-21602.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 78% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21611.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 66% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21621.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 63% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21631.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 63% of all scored CVEs.
- Low exploitation riskCVE-2020-21640.80% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 52% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21651.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 61% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21662.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 79% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21672.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 79% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21682.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 78% of all scored CVEs.
- Moderate exploitation riskCVE-2020-21691.0% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 60% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2020-2160 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2161 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2162 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2163 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2164 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2165 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2166 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2167 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2168 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2169 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2170 | coverage & exploitation status | NVD · CVE.org |
| CVE-2020-2171 | coverage & exploitation status | NVD · CVE.org |
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18