CVE-2020-2124
published 2020-02-12CVE-2020-2124: Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | applatix_plugin | — | — |
| jenkins | bmc_release_package_and_deployment_plugin | — | — |
| jenkins | digitalocean_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter | <= 1.0.1 | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | eagle_tester_plugin | — | — |
| jenkins | ecx_copy_data_management_plugin | — | — |
| jenkins | fitnesse_plugin | — | — |
| jenkins | git_parameter_plugin | — | — |
| jenkins | google_kubernetes_engine_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | harvest_scm_plugin | — | — |
| jenkins | ids_in_pipeline_github_notify_step_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | nunit_plugin | — | — |
| jenkins | parasoft_environment_manager_plugin | — | — |
| jenkins | pipeline_github_notify_step_plugin | — | — |
| jenkins | radargun_plugin | — | — |
| jenkins | s3_publisher_plugin | — | — |
| jenkins | sandbox_protection_in_script_security_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | subversion_plugin | — | — |
| jenkins | yaml_input_files_to_google_kubernetes_engine_plugin | — | — |
| jenkins_project | jenkins_dynamic_extended_choice_parameter_plugin | unspecified – 1.0.1 | — |
| samba | samba | >= 0 < 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 | 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv5.9MEDIUM