CVE-2020-2314

CWE-522Insufficiently Protected CredentialsCWE-2565 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 98.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Appspider PluginJenkins Appspider
Timeline
PublishedNov 4
Latest updateMay 24

Description

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_appspider_pluginunspecified1.0.12
NVDjenkins/appspider1.0.12

🔴Vulnerability Details

3
GHSA
Password stored in plain text by Jenkins AppSpider Plugin2022-05-24
OSV
Password stored in plain text by Jenkins AppSpider Plugin2022-05-24
CVEList
CVE-2020-2314: Jenkins AppSpider Plugin 12020-11-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-11-042020-11-04
CVE-2020-2314 (MEDIUM CVSS 5.5) | Jenkins AppSpider Plugin 1.0.12 and | cvebase.io