CVE-2020-2164

Опубликовано: 25 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Ссылки

http://www.openwall.com/lists/oss-security/2020/03/25/2
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29
http://www.openwall.com/lists/oss-security/2020/03/25/2
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:jenkins:*:*

Версия до 3.5.0 (включая)

EPSS

Процентиль: 49%

0.00258

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-4q47-ph87-fq4f

CVSS3: 3.3

github

больше 3 лет назад

Passwords stored in plain text by Jenkins Artifactory Plugin

BDU:2020-02702