CVE-2020-2164
published 2020-03-25

CVE-2020-2164: Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it…

Priority: P4 · 33 · medium · 6.5 (CVSS 3.1)
AV:N  AC:L  PR:L  UI:N  S:U  C:H  I:N  A:N
EPSS: 0.80% (52.1th percentile)
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Affected

13 ranges
Vendor           Product                                                Version range        Fixed in
jenkins          artifactory_plugin
jenkins          aws_steps_plugin
jenkins          azure_container_service_plugin
jenkins          jenkins_core
jenkins          jenkins_lts
jenkins          jenkins_weekly
jenkins          openshift_pipeline_plugin
jenkins          queue_cleanup_plugin
jenkins          rapiddeploy_plugin
jenkins          yaml_input_files_to_azure_container_service_plugin
jenkins          yaml_input_files_to_openshift_pipeline_plugin
jenkins_project  jenkins_artifactory_plugin                             unspecified – 3.5.0
jfrog            artifactory                                            <= 3.5.0

CVSS provenance

nvd  v3.1  6.5  MEDIUM  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd  v2.0  4.0  MEDIUM  AV:N/AC:L/Au:S/C:P/I:N/A:N