CVE-2020-2124

MEDIUM

Jenkins Dynamic Extended Choice Param... - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

References (2)

Scores

CVSS v3 4.3
EPSS 0.0003
EPSS Percentile 8.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/dynamic_extended_choice_parameter < 1.0.1
com.moded.extendedchoiceparameter/dynamic_extended_choice_parameter Maven

Timeline

Published Feb 12, 2020
Tracked Since Feb 18, 2026