https://bugzilla.redhat.com/show_bug.cgi?id=1797087
Bug ID: 1797087
Summary: CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: abenaiss@redhat.com, adam.kaplan@redhat.com, aos-bugs@redhat.com, bmontgom@redhat.com, eparis@redhat.com, extras-orphan@fedoraproject.org, java-sig-commits@lists.fedoraproject.org, jburrell@redhat.com, jokerman@redhat.com, mizdebsk@redhat.com, msrb@redhat.com, nstielau@redhat.com, pbhattac@redhat.com, sponnaga@redhat.com, vbobade@redhat.com, wzheng@redhat.com
Target Milestone: ---
Classification: Other
Jenkins 2.218 and earlier, and LTS 2.204.1 and earlier, were vulnerable to a UDP amplification reflection denial of service attack on port 33848.
References:
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641
http://www.openwall.com/lists/oss-security/2020/01/29/1
Pedro Sampaio psampaio@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1797088
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1797088
[Bug 1797088] CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack [fedora-all]
--- Comment #1 from Pedro Sampaio psampaio@redhat.com ---
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1797088]
Pedro Sampaio psampaio@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Blocks     |        |1797089
Sam Fowler sfowler@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1797143
Sam Fowler sfowler@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1797144
Sam Fowler sfowler@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1797146
--- Comment #4 from Akram Ben Aissi abenaiss@redhat.com ---
This bug has been fixed by https://errata.devel.redhat.com/advisory/50532 that brought Jenkins 2.204.2
Akram Ben Aissi abenaiss@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1813070
Vikas Laad vlaad@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1873172
Bug 1797087 depends on bug 1797088, which changed state.
Bug 1797088 Summary: CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1797088
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |EOL