1797087 – (CVE-2020-2100) CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack

Bug 1797087 (CVE-2020-2100) - CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack

Summary: CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflecti...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-2100
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1797088 1797143 1797144 1797146 1813070 1873172
Blocks:	1797089
TreeView+	depends on / blocked

Reported:	2020-01-31 21:09 UTC by Pedro Sampaio
Modified:	2023-09-07 21:40 UTC (History)
CC List:	16 users (show)
Fixed In Version:	jenkins 2.219, jenkins LTS 2.204.2
Clone Of:
Environment:
Last Closed:	2021-10-28 01:16:27 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2020-01-31 21:09:54 UTC

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. 

References:

https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641
http://www.openwall.com/lists/oss-security/2020/01/29/1

Comment 1 Pedro Sampaio 2020-01-31 21:10:17 UTC

Created jenkins tracking bugs for this issue:

Affects: fedora-all [bug 1797088]

Comment 4 Akram Ben Aissi 2020-03-03 09:06:19 UTC

This bug has been fixed by https://errata.devel.redhat.com/advisory/50532 that brought Jenkins 2.204.2

Note You need to log in before you can comment on or make changes to this bug.