CVE-2020-2119

MEDIUM

Jenkins Azure AD < 1.1.2 - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

References (2)

Scores

CVSS v3 5.3
EPSS 0.0004
EPSS Percentile 11.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/azure_ad < 1.1.2
org.jenkins-ci.plugins/azure-ad < 1.2.0Maven

Timeline

Published Feb 12, 2020
Tracked Since Feb 18, 2026