Medium severity5.6NVD Advisory· Published May 6, 2020· Updated Jun 17, 2026
CVE-2020-2187
CVE-2020-2187
Description
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:ec2Maven | < 1.50.2 | 1.50.2 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2020/05/06/3nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-c89c-pvm7-33wjghsaADVISORY
- jenkins.io/security/advisory/2020-05-06/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-2187ghsaADVISORY
- github.com/jenkinsci/ec2-plugin/commit/4c9f03ae202e4730fd54eda40771fa4d3873e358ghsaWEB
News mentions
1- Jenkins Security Advisory 2020-05-06Jenkins Security Advisories · May 6, 2020