Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2020-01-29T15:15:31

Updated: 2023-10-24T16:05:02.482Z

Reserved: 2019-12-05T00:00:00


Link: CVE-2020-2107

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2020-01-29T16:15:12.693

Modified: 2023-10-25T18:16:29.733


Link: CVE-2020-2107

JSON object: View

cve-icon Redhat Information

No data.

CWE