CVE-2020-2165
published 2020-03-25

CVE-2020-2165: Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially…

Priority: P337 | high | 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.09% (61.1th percentile)
Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Affected

13 ranges
Vendor | Product | Version range | Fixed in
jenkins | artifactory_plugin | |
jenkins | aws_steps_plugin | |
jenkins | azure_container_service_plugin | |
jenkins | jenkins_core | |
jenkins | jenkins_lts | |
jenkins | jenkins_weekly | |
jenkins | openshift_pipeline_plugin | |
jenkins | queue_cleanup_plugin | |
jenkins | rapiddeploy_plugin | |
jenkins | yaml_input_files_to_azure_container_service_plugin | |
jenkins | yaml_input_files_to_openshift_pipeline_plugin | |
jenkins_project | jenkins_artifactory_plugin | |
jfrog | artifactory | <= 3.6.0 |

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N