CVE-2020-2151

Опубликовано: 09 мар. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2020/03/09/1
Third Party Advisory
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1519
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/03/09/1
Third Party Advisory
https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1519
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:quality_gates:*:*:*:*:*:jenkins:*:*

Версия до 2.5 (включая)

EPSS

Процентиль: 7%

0.00027

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-gvcj-72h4-8xm9

CVSS3: 3.1

github

больше 3 лет назад

Jenkins Quality Gates Plugin transmits credentials in plain text during configuration