CVE-2020-2114

CWE-522Insufficiently Protected CredentialsCWE-319Cleartext Transmission5 documents5 sources
Severity
7.5HIGH
EPSS
0.1%
top 83.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins S3 Publisher PluginJenkins S3 Publisher
Timeline
PublishedFeb 12
Latest updateMay 24

Description

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_s3_publisher_pluginunspecified0.11.4

🔴Vulnerability Details

3
OSV
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration2022-05-24
GHSA
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration2022-05-24
CVEList
CVE-2020-2114: Jenkins S3 publisher Plugin 02020-02-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-02-122020-02-12
CVE-2020-2114 (HIGH CVSS 7.5) | Jenkins S3 publisher Plugin 0.11.4 | cvebase.io