CVE-2020-2164

MEDIUM

Jfrog Artifactory < 3.5.0 - Insufficiently Protected Credentials

Title source: rule

Description

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/03/25/2

[Vendor Advisory] https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 48.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

jfrog/artifactory < 3.5.0

org.jenkins-ci.plugins/artifactory < 3.6.0Maven

Timeline

Published Mar 25, 2020

Tracked Since Feb 18, 2026