CVE-2020-2164

MEDIUM

Jenkins Artifactory Plugin <= 3.5.0 - Unprotected Credential Storage

Title source: llm

Description

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/03/25/2

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (2)

jfrog/artifactory < 3.5.0

org.jenkins-ci.plugins/artifactory 0 - 3.6.0Maven

Published Mar 25, 2020

Tracked Since Feb 18, 2026