CVE-2020-2119

CWE-522Insufficiently Protected CredentialsCWE-2565 documents5 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 88.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Azure AD PluginJenkins Azure AD
Timeline
PublishedFeb 12
Latest updateMay 24

Description

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_azure_ad_pluginunspecified1.1.2
NVDjenkins/azure_ad1.1.2

🔴Vulnerability Details

3
GHSA
Client secret transmitted in plain text by Azure AD Plugin2022-05-24
OSV
Client secret transmitted in plain text by Azure AD Plugin2022-05-24
CVEList
CVE-2020-2119: Jenkins Azure AD Plugin 12020-02-12

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-02-122020-02-12
CVE-2020-2119 (MEDIUM CVSS 5.3) | Jenkins Azure AD Plugin 1.1.2 and e | cvebase.io