CVE-2020-2274
First published: Wed Sep 16 2020(Updated: )
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.jenkins-ci.plugins:elastest | <=1.2.1 | |
| Jenkins | <=1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2274?
CVE-2020-2274 is considered a high severity vulnerability due to the exposure of unencrypted credentials.
How do I fix CVE-2020-2274?
To fix CVE-2020-2274, upgrade the Jenkins ElasTest Plugin to version 1.2.2 or later, where the vulnerability is addressed.
What are the risks associated with CVE-2020-2274?
The risks associated with CVE-2020-2274 include unauthorized access to sensitive information stored in the Jenkins configuration file.
Who is affected by CVE-2020-2274?
CVE-2020-2274 affects users of Jenkins ElasTest Plugin versions 1.2.1 and earlier.
What does CVE-2020-2274 expose?
CVE-2020-2274 exposes the server password as it is stored unencrypted in the global configuration file of Jenkins.
- collector/github-advisory-latest
- alias/GHSA-p9rc-x48f-582x
- alias/CVE-2020-2274
- collector/github-advisory
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-api
- package-manager/maven
- vendor/jenkins
- canonical/jenkins
- version/jenkins/1.2.1