Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-2218

Summary
Assigner-jenkins
Assigner Org ID-39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At-02 Jul, 2020 | 14:55
Updated At-04 Aug, 2024 | 07:01
Rejected At-
Credits

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jenkins
Assigner Org ID:39769cd5-e6e2-4dc8-927e-97b3aa056f5b
Published At:02 Jul, 2020 | 14:55
Updated At:04 Aug, 2024 | 07:01
Rejected At:
▼CVE Numbering Authority (CNA)

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Affected Products
Vendor
JenkinsJenkins project
Product
Jenkins HP ALM Quality Center Plugin
Versions
Affected
  • From unspecified through 1.6 (custom)

unknown

  • From next of 1.6 before unspecified (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/07/02/7
mailing-list
x_refsource_MLIST
Hyperlink: https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2020/07/02/7
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2020/07/02/7
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2020/07/02/7
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jenkinsci-cert@googlegroups.com
Published At:02 Jul, 2020 | 15:15
Updated At:25 Oct, 2023 | 18:16

Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
hp_application_lifecycle_management_quality_center_project
hp_application_lifecycle_management_quality_center_project
>>hp_application_lifecycle_management_quality_center>>Versions up to 1.6(inclusive)
cpe:2.3:a:hp_application_lifecycle_management_quality_center_project:hp_application_lifecycle_management_quality_center:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-522Primarynvd@nist.gov
CWE ID: CWE-522
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.openwall.com/lists/oss-security/2020/07/02/7jenkinsci-cert@googlegroups.com
Third Party Advisory
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576jenkinsci-cert@googlegroups.com
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2020/07/02/7
Source: jenkinsci-cert@googlegroups.com
Resource:
Third Party Advisory
Hyperlink: https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

295Records found
CVE-2021-21614
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 15:55
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-bumblebee_hp_almJenkins Bumblebee HP ALM Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21681
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.30%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 13:50
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-nomadJenkins Nomad Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21612
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 15:55
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-tracetronic_ecu-testJenkins TraceTronic ECU-TEST Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-20621
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.31%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:06
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-metricsJenkins Metrics Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2297
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-sms_notificationJenkins SMS Notification Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-23114
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.08% / 24.00%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 19:06
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-publish_over_sshJenkins Publish Over SSH Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-16572
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 14:40
Updated-09 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-weiboJenkins Weibo Plugin
CWE ID-CWE-1024
Comparison of Incompatible Types
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-16543
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-21 Nov, 2019 | 14:11
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-spira_importerJenkins Spira Importer Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10361
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.94%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 12:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-m2releaseJenkins Maven Release Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10424
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins elOyente Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-eloyenteJenkins elOyente Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10420
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-assemblaJenkins Assembla Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10476
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 12:45
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-zulipJenkins Zulip Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10423
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CodeScan Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-codescanJenkins CodeScan Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10345
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 12:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export.

Action-Not Available
Vendor-Jenkins
Product-configuration_as_codeJenkins Configuration as Code Plugin
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-1003038
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2019 | 21:00
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.

Action-Not Available
Vendor-Jenkins
Product-repository_connectorJenkins Repository Connector Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10426
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-gem_publisherJenkins Gem Publisher Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10398
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-12 Sep, 2019 | 13:55
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-beaker_builderJenkins Beaker Builder Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10461
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 12:45
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-dynatrace_application_monitoringJenkins Dynatrace Application Monitoring Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10378
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.27%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-testlinkJenkins TestLink Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10419
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-vfabric_application_directorJenkins vFabric Application Director Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10429
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.58%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-gitlab_logoJenkins GitLab Logo Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2019-10460
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 12:45
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-bitbucket_oauthJenkins Bitbucket OAuth Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2314
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-04 Nov, 2020 | 14:35
Updated-04 Aug, 2024 | 07:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-appspiderJenkins AppSpider Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2145
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.99%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

Action-Not Available
Vendor-Jenkins
Product-zephyr_enterprise_test_managementJenkins Zephyr Enterprise Test Management Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2291
Matching Score-10
Assigner-Jenkins Project
ShareView Details
Matching Score-10
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-08 Oct, 2020 | 12:40
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-couchdb-statisticsJenkins couchdb-statistics Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-27195
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-1.47% / 80.15%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 16:45
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-parameterized_triggerJenkins Parameterized Trigger Plugin
CVE-2020-2274
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.79%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-elastestJenkins ElasTest Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-2154
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.68%
||
7 Day CHG~0.00%
Published-09 Mar, 2020 | 15:01
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.

Action-Not Available
Vendor-Jenkins
Product-zephyr_for_jira_test_managementJenkins Zephyr for JIRA Test Management Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-2249
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.01% / 0.36%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 13:50
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-team_foundation_serverJenkins Team Foundation Server Plugin
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2019-10453
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 13:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-delphixJenkins Delphix Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-10364
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.54%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 12:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.

Action-Not Available
Vendor-Jenkins
Product-ec2Jenkins Amazon EC2 Plugin
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-10433
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.02% / 3.54%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:45
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Dingding[钉钉] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-dingdingJenkins Dingding[钉钉] Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-10367
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.96%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 14:20
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.

Action-Not Available
Vendor-Jenkins
Product-configuration_as_codeJenkins Configuration as Code Plugin
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-10343
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.01% / 1.81%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 12:45
Updated-04 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

Action-Not Available
Vendor-Jenkins
Product-configuration_as_codeJenkins Configuration as Code Plugin
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-10450
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-3.3||LOW
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 13:00
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-elasticbox_ciJenkins ElasticBox CI Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-10430
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.38%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 15:05
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-neuvector_vulnerability_scannerJenkins NeuVector Vulnerability Scanner Plugin
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2019-1003048
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.86%
||
7 Day CHG~0.00%
Published-28 Mar, 2019 | 17:59
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attackers with local file system access to the Jenkins home directory to obtain the unencrypted password from the plugin configuration.

Action-Not Available
Vendor-Jenkins
Product-prqaJenkins PRQA Plugin
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CVE-2022-45392
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.98%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-ns-nd_integration_performance_publisherJenkins NS-ND Integration Performance Publisher Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-45384
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.03%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-reverse_proxy_authJenkins Reverse Proxy Auth Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2107
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 6.99%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 15:15
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Action-Not Available
Vendor-Jenkins
Product-fortifyJenkins Fortify Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-21634
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.89%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 11:10
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-jabber_\(xmpp\)_notifier_and_controlJenkins Jabber (XMPP) notifier and control Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38665
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.74% / 72.04%
||
7 Day CHG+0.29%
Published-23 Aug, 2022 | 16:45
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-collabnetJenkins CollabNet Plugins Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-38663
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-1.66% / 81.31%
||
7 Day CHG-0.10%
Published-23 Aug, 2022 | 16:45
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

Action-Not Available
Vendor-Jenkins
Product-gitJenkins Git Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-36901
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.39%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 14:25
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-http_requestJenkins HTTP Request Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34799
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 68.97%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:47
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-deployment_dashboardJenkins Deployment Dashboard Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34808
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 68.97%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-cisco_sparkJenkins Cisco Spark Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34805
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.08%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-skype_notifierJenkins Skype notifier Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34803
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 68.97%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-opsgenieJenkins OpsGenie Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34809
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.08%
||
7 Day CHG-0.03%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-rqmJenkins RQM Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-34802
Matching Score-6
Assigner-Jenkins Project
ShareView Details
Matching Score-6
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.38%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 17:48
Updated-03 Aug, 2024 | 09:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Action-Not Available
Vendor-Jenkins
Product-rocketchat_notifierJenkins RocketChat Notifier Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found