CVE-2020-2114

Опубликовано: 12 фев. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2020/02/12/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/02/12/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1684
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:s3_publisher:*:*:*:*:*:jenkins:*:*

Версия до 0.11.4 (включая)

EPSS

Процентиль: 16%

0.00053

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-ffr6-8cv5-j637

CVSS3: 3.1

github

больше 3 лет назад

Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration