CVE-2020-2209 Vulnerability in maven package org.jenkins-ci.plugins:testcomplete

Description

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1686

http://www.openwall.com/lists/oss-security/2020/07/02/7

Related Vulnerabilities

CVE-2023-29208 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2022-24728 Vulnerability in maven package org.webjars.npm:ckeditor4

CVE-2022-42496 Vulnerability in npm package nadesiko3

CVE-2023-40344 Vulnerability in maven package org.jenkins-ci.plugins:delphix

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N