What is the vulnerability ID of this vulnerability?

The vulnerability ID of this vulnerability is CVE-2020-2209.

What software is affected by this vulnerability?

Jenkins TestComplete support Plugin versions 2.4.1 and earlier are affected by this vulnerability.

How can the vulnerability be patched?

The vulnerability can be patched by updating the Jenkins TestComplete support Plugin to version 2.5.2 or later.

What is the severity of this vulnerability?

The severity of this vulnerability is medium, with a severity value of 4.3.

Vulnerability/
CVE-2020-2209

medium

4.3

CWE

522 256

2/7/2020

24/5/2022

4/8/2024

CVE-2020-2209

Q: How does this vulnerability store a password?

This vulnerability stores a password unencrypted in job `config.xml` files on the Jenkins master where it can be viewed by users with Extended Read permission or access to the master file system.

First published: Thu Jul 02 2020(Updated: )

Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins Testcomplete Support	<=2.4.1
maven/org.jenkins-ci.plugins:TestComplete	<2.5.2	2.5.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2020-2209.
What software is affected by this vulnerability?
Jenkins TestComplete support Plugin versions 2.4.1 and earlier are affected by this vulnerability.
How does this vulnerability store a password?
This vulnerability stores a password unencrypted in job `config.xml` files on the Jenkins master where it can be viewed by users with Extended Read permission or access to the master file system.
How can the vulnerability be patched?
The vulnerability can be patched by updating the Jenkins TestComplete support Plugin to version 2.5.2 or later.
What is the severity of this vulnerability?
The severity of this vulnerability is medium, with a severity value of 4.3.

collector/nvd-index
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-r32r-f6wr-cc3w
alias/CVE-2020-2209
collector/github-advisory
collector/nvd-cve
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
vendor/jenkins
canonical/jenkins testcomplete support
version/jenkins testcomplete support/2.4.1
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.