CVE-2020-2124

CWE-522 — Insufficiently Protected Credentials CWE-25610 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 91.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Dynamic Extended Choice Parameter Plugin Jenkins Dynamic Extended Choice Parameter

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_dynamic_extended_choice_parameter_pluginunspecified — 1.0.1

▶NVDjenkins/dynamic_extended_choice_parameter1.0.1

▶Mavencom.moded.extendedchoiceparameter:dynamic_extended_choice_parameter1.0.1

🔴Vulnerability Details

OSV

Password stored in plain text by Dynamic Extended Choice Parameter Plugin↗2022-05-24

▶

GHSA

Password stored in plain text by Dynamic Extended Choice Parameter Plugin↗2022-05-24

▶

OSV

samba regression↗2021-12-13

▶

OSV

samba regression↗2021-12-13

▶

OSV

samba vulnerabilities↗2021-12-06

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-02-12↗2020-02-12

▶