https://bugzilla.redhat.com/show_bug.cgi?id=1797087
Bug ID: 1797087
Summary: CVE-2020-2100 jenkins: UDP multicast/broadcast service amplification reflection attack
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: abenaiss@redhat.com, adam.kaplan@redhat.com, aos-bugs@redhat.com, bmontgom@redhat.com, eparis@redhat.com, extras-orphan@fedoraproject.org, java-sig-commits@lists.fedoraproject.org, jburrell@redhat.com, jokerman@redhat.com, mizdebsk@redhat.com, msrb@redhat.com, nstielau@redhat.com, pbhattac@redhat.com, sponnaga@redhat.com, vbobade@redhat.com, wzheng@redhat.com
Target Milestone: ---
Classification: Other
Jenkins 2.218 and earlier, and LTS 2.204.1 and earlier, were vulnerable to a UDP amplification reflection denial-of-service attack on port 33848.
References:
https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1641
http://www.openwall.com/lists/oss-security/2020/01/29/1