Jenkins Security Advisory 2020-11-04
Affects plugin: Active Directory Affects plugin: Static Analysis Utilities Affects plugin: Ansible Affects plugin: AppSpider Affects plugin: AWS Global Configuration Affects plugin: Azure Key Vault Affects plugin: FindBugs Affects plugin: Kubernetes Affects plugin: Mail Commander Plugin for Jenkins-ci Affects plugin: Mercurial Affects plugin: SQLPlus Script Runner Affects plugin: Subversion Affects plugin: Visualworks Store Affects plugin: VMware Lab Manager Slaves
Details
Original advisory: https://www.jenkins.io/security/advisory/2020-11-04/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Moderate exploitation riskCVE-2020-22991.3% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 68% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23001.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 74% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23011.7% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 74% of all scored CVEs.
- Low exploitation riskCVE-2020-23020.67% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Low exploitation riskCVE-2020-23030.67% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 48% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23041.5% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 71% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23051.4% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 70% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23061.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 61% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23071.2% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 65% of all scored CVEs.
- Moderate exploitation riskCVE-2020-23081.1% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 63% of all scored CVEs.
Referenced CVEs
More from Jenkins Security Advisories
- unknownJenkins Security Advisory 2026-06-242026-06-24
- unknownJenkins Security Advisory 2026-06-102026-06-10
- unknownJenkins Security Advisory 2026-05-272026-05-27
- unknownJenkins Security Advisory 2026-04-292026-04-29
- unknownJenkins Security Advisory 2026-03-182026-03-18