CVE-2020-2128 Vulnerability in maven package com.catalogic.ecxjenkins:catalogic-ecx

Description

Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1549

http://www.openwall.com/lists/oss-security/2020/02/12/3

Related Vulnerabilities

CVE-2020-10204 Vulnerability in maven package org.sonatype.nexus:nexus-core

CVE-2023-40814 Vulnerability in maven package org.opencrx:opencrx-core-models

CVE-2022-22931 Vulnerability in maven package org.apache.james:james-server

CVE-2019-16548 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N