Lucene search

[email protected]CVE-2020-2314

HistoryNov 04, 2020 - 3:15 p.m.

CVE-2020-2314

2020-11-0415:15:12

CWE-522

[email protected]

web.nvd.nist.gov

cve-2020-2314

jenkins

appspider plugin

password security

unencrypted

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%

JSON

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinsappspiderRange≤1.0.12jenkins

CPENameOperatorVersion
jenkins:appspiderjenkins appspiderle1.0.12

CPE	Name	Operator	Version
jenkins:appspider	jenkins appspider	le	1.0.12

CNA Affected

[
  {
    "product": "Jenkins AppSpider Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "1.0.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for CVE-2020-2314

cvelist1 prion1 github1 nvd1 osv1