CVE-2020-2145

MEDIUM

Jenkins Zephyr Enterprise Test Manage... - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

References (2)

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (2)

jenkins/zephyr_enterprise_test_management < 1.9.1
org.jenkins-ci.plugins/zephyr-enterprise-test-management < 1.10Maven

Timeline

Published Mar 09, 2020
Tracked Since Feb 18, 2026