CVE-2020-2165

CWE-522 — Insufficiently Protected Credentials CWE-319 — Cleartext Transmission5 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 43.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jfrog Artifactory Jenkins Project Jenkins Artifactory Plugin

Timeline

PublishedMar 25

Latest updateMay 24

Description

Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:artifactory< 3.6.1

▶CVEListV5jenkins_project/jenkins_artifactory_plugin3.6.0

▶NVDjfrog/artifactory3.6.0

🔴Vulnerability Details

OSV

Passwords transmitted in plain text by Jenkins Artifactory Plugin↗2022-05-24

▶

GHSA

Passwords transmitted in plain text by Jenkins Artifactory Plugin↗2022-05-24

▶

CVEList

CVE-2020-2165: Jenkins Artifactory Plugin 3↗2020-03-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-03-25↗2020-03-25

▶