CVE-2020-2103

Published: Jan 29, 2020
Updated: Oct 26, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-2103" target="_blank" rel="noopener"> CVE-2020-2103
GHSA: <a href="https://github.com/advisories/GHSA-4jjj-cm7q-v6hr" target="_blank" rel="noopener"> GHSA-4jjj-cm7q-v6hr
Severity: Medium
Exploit:

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
jenkins / jenkins	-	2.218.x
jenkins / jenkins	-	2.204.1.x
org.jenkins-ci.main / jenkins-core	2.205	2.219
org.jenkins-ci.main / jenkins-core	-	2.204.2