CVE-2020-2132

MEDIUM

Jenkins Parasoft Environment Manager - Insufficiently Protected Cre...

Title source: rule

Description

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0005
EPSS Percentile 14.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/parasoft_environment_manager < 2.14
com.parasoft/environment-manager < 2.15Maven

Timeline

Published Feb 12, 2020
Tracked Since Feb 18, 2026