CVE-2020-2209

CWE-522 — Insufficiently Protected Credentials CWE-2566 documents6 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 91.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Testcomplete Support Plugin Jenkins Testcomplete Support

Timeline

PublishedJul 2

Latest updateMay 24

Description

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_testcomplete_support_pluginunspecified — 2.4.1

▶Mavenorg.jenkins-ci.plugins:TestComplete< 2.5.2

▶NVDjenkins/testcomplete_support2.4.1

🔴Vulnerability Details

GHSA

Password stored in plain text by Jenkins TestComplete support Plugin↗2022-05-24

▶

OSV

Password stored in plain text by Jenkins TestComplete support Plugin↗2022-05-24

▶

CVEList

CVE-2020-2209: Jenkins TestComplete support Plugin 2↗2020-07-02

▶

💥Exploits & PoCs

Exploit-DB

SeedDMS 5.1.18 - Persistent Cross-Site Scripting↗2020-04-15

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-07-02↗2020-07-02

▶