CVE-2020-2124

CVSS v3.1 4.3 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (23^th)

Affected Products 1

Advisories 2

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Weaknesses

CWE-522: Insufficiently Protected Credentials

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2020-02-12 15:15:13
(4 years ago)
Updated Date: 2023-10-25 18:16:30
(10 months ago)

Affected Products

Jenkins

Dynamic Extended Choice Parameter

Configuration #1

		CPE23	From	Up To
	Jenkins Dynamic Extended Choice Parameter for Jenkins 1.0.1 and prior versions	cpe:2.3:a:jenkins:dynamic_extended_choice_parameter::::::jenkins		<= 1.0.1