CVE-2020-2274: Cleartext Storage of Sensitive Info in Project Jenkins Elastest Plugin

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 98.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16; Latest update May 24

Description

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | jenkins_project/jenkins_elastest_plugin | unspecified | 1.2.1
NVD | jenkins/elastest | 1.2.1

🔴 Vulnerability Details (3)

GHSA: Passwords stored in plain text by ElasTest Plugin (2022-05-24)
OSV: Passwords stored in plain text by ElasTest Plugin (2022-05-24)
CVEList: CVE-2020-2274: Jenkins ElasTest Plugin 1 (2020-09-16)

📋 Vendor Advisories (1)

Jenkins: Jenkins Security Advisory 2020-09-16 (2020-09-16)