1. Home
  2. Vulnerabilities
  3. CVE-2020-2213

CVE-2020-2213

CVSS v3.1 4.3 (Medium)
43% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.05 % (23th)
0.05% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.

Weaknesses
CWE-522
Insufficiently Protected Credentials
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2020-07-02 15:15:18
(4 years ago)
Updated Date
2023-10-25 18:16:36
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins White Source for Jenkins 19.1.1 and prior versions cpe:2.3:a:jenkins:white_source::*:*:*:*:jenkins <= 19.1.1