The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server, related to the storage of the AWS secret key in an unencrypted form, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Statistics Gatherer plugin in the Jenkins automation server relates to the storage of the AWS secret key in an unencrypted form within the configuration file org.jenkins.plugins.statistics.gatherer.StatisticsConfiguration.xml. Exploiting this vulnerability could allow a...

SUSE CVE-2020-2239

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

CVE-2020-2249

CVE-2020-2249 affects Jenkins Team Foundation Server Plugin versions 5.157.1 and earlier, where a webhook secret is stored unencrypted in the plugin’s global configuration file (hudson.plugins.tfs.TeamPluginGlobalConfig.xml) on the Jenkins controller file system. This allows attackers with local ...

CVE-2020-2239

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...

CVE-2020-2208

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

Design/Logic Flaw

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...