CVE-2020-2145

MEDIUM

Jenkins Zephyr Enterprise Test Management Plugin < 1.9.1 - Insufficiently Protected Credentials

Title source: llm
STIX 2.1

Description

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/03/09/1

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-522
Status published
Products (2)
jenkins/zephyr_enterprise_test_management < 1.9.1
org.jenkins-ci.plugins/zephyr-enterprise-test-management 0 - 1.10Maven
Published Mar 09, 2020
Tracked Since Feb 18, 2026