CVE-2020-2103

MEDIUM NUCLEI

Jenkins < 2.204.1 - Information Disclosure

Title source: rule

Description

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page.

Nuclei Templates (1)

Jenkins <=2.218 - Information Disclosure
MEDIUMby c-sh0
Shodan: http.favicon.hash:81586312 || cpe:"cpe:2.3:a:jenkins:jenkins" || product:"jenkins"
FOFA: icon_hash=81586312

References (6)

Scores

CVSS v3 5.4
EPSS 0.4521
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-200
Status published
Products (3)
jenkins/jenkins < 2.204.1
jenkins/jenkins < 2.218
org.jenkins-ci.main/jenkins-core 2.205 - 2.219Maven
Published Jan 29, 2020
Tracked Since Feb 18, 2026