CVE-2020-2314: Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by…

medium5.5CVSS 3.1

AVLACLPRLUINSUCHINAN

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Affected

19 ranges

Vendor	Product	Version range	Fixed in
jenkins	active_directory_plugin	—	—
jenkins	ansible_plugin	—	—
jenkins	appspider	<= 1.0.12	—
jenkins	appspider_plugin	—	—
jenkins	authentication_cache_in_active_directory_plugin	—	—
jenkins	aws_global_configuration_plugin	—	—
jenkins	azure_key_vault_plugin	—	—
jenkins	findbugs_plugin	—	—
jenkins	ids_in_azure_key_vault_plugin	—	—
jenkins	jenkins-ci_plugin	—	—
jenkins	kubernetes_plugin	—	—
jenkins	mail_commander_plugin	—	—
jenkins	mercurial_plugin	—	—
jenkins	sqlplus_script_runner_plugin	—	—
jenkins	static_analysis_utilities_plugin	—	—
jenkins	subversion_plugin	—	—
jenkins	visualworks_store_plugin	—	—
jenkins	vmware_lab_manager_slaves_plugin	—	—
jenkins_project	jenkins_appspider_plugin	unspecified – 1.0.12	—