Jenkins Security Advisory 2020-09-16
Affects plugin: android-lint Affects plugin: Blue Ocean Affects plugin: chosen-views-tabbar Affects plugin: ClearCase Release Affects plugin: Computer Queue Affects plugin: Copy data to workspace Affects plugin: Coverage/Complexity Scatter Plot Affects plugin: Custom Job Icon Affects plugin: Description Column Affects plugin: ElasTest Affects plugin: Email Extension Affects plugin: Health Advisor by CloudBees Affects plugin: Locked Files Report Affects plugin: Mailer Affects plugin: MongoDB Affects plugin: perfecto Affects plugin: Pipeline Maven Integration Affects plugin: Radiator View Affects plugin: Selection tasks Affects plugin: Storable Configs Affects plugin: Validating String Parameter
Details
Original advisory: https://www.jenkins.io/security/advisory/2020-09-16/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2020-22520.96% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 57% of all scored CVEs.
- Low exploitation riskCVE-2020-22530.69% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Moderate exploitation riskCVE-2020-22542.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 80% of all scored CVEs.
- Low exploitation riskCVE-2020-22550.85% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 54% of all scored CVEs.
- Low exploitation riskCVE-2020-22560.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2020-22570.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2020-22580.69% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2020-22590.73% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 50% of all scored CVEs.
- Low exploitation riskCVE-2020-22600.66% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Moderate exploitation riskCVE-2020-22611.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18