CVE-2020-2107
First published: Wed Jan 29 2020(Updated: )
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Fortify | <=19.1.29 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-2107?
CVE-2020-2107 is a vulnerability in Jenkins Fortify Plugin 19.1.29 and earlier that stores proxy server passwords unencrypted in job config.xml files on the Jenkins master.
How severe is CVE-2020-2107?
CVE-2020-2107 has a severity rating of 4.3 (medium).
How does CVE-2020-2107 affect Jenkins Fortify Plugin?
CVE-2020-2107 affects Jenkins Fortify Plugin 19.1.29 and earlier versions.
What are the potential consequences of CVE-2020-2107?
CVE-2020-2107 allows users with Extended Read permission or access to the master file system to view unencrypted proxy server passwords stored in job config.xml files.
Are there any fixes available for CVE-2020-2107?
Currently, there is no known fix for CVE-2020-2107. It is recommended to upgrade to a version of Jenkins Fortify Plugin that is not affected by the vulnerability.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins fortify
- version/jenkins fortify/19.1.29