CVE-2020-2154

CWE-312 — Cleartext Storage of Sensitive Info CWE-2565 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 98.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Zephyr FOR Jira Test Management Plugin Jenkins Zephyr FOR Jira Test Management

Timeline

PublishedMar 9

Latest updateMay 24

Description

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:zephyr-for-jira-test-management1.5

▶CVEListV5jenkins_project/jenkins_zephyr_for_jira_test_management_pluginunspecified — 1.5

▶NVDjenkins/zephyr1.5

🔴Vulnerability Details

GHSA

Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text↗2022-05-24

▶

OSV

Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text↗2022-05-24

▶

CVEList

CVE-2020-2154: Jenkins Zephyr for JIRA Test Management Plugin 1↗2020-03-09

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-03-09↗2020-03-09

▶