CVE-2020-2319

CWE-522 — Insufficiently Protected Credentials CWE-2565 documents5 sources

Severity

6.5MEDIUM

EPSS

0.0%

top 85.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Vmware LAB Manager Slaves Plugin Jenkins Vmware LAB Manager Slaves

Timeline

PublishedNov 4

Latest updateMay 24

Description

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_vmware_lab_manager_slaves_pluginunspecified — 0.2.8

▶NVDjenkins/vmware_lab_manager_slaves0.2.8

▶Mavenorg.jenkins-ci.plugins:labmanager0.2.8

🔴Vulnerability Details

GHSA

Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin↗2022-05-24

▶

OSV

Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin↗2022-05-24

▶

CVEList

CVE-2020-2319: Jenkins VMware Lab Manager Slaves Plugin 0↗2020-11-04

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2020-11-04↗2020-11-04

▶