CVE-2020-2314

MEDIUM

Jenkins AppSpider Plugin <1.0.12 - Info Disclosure

Title source: llm

Description

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

References (1)

[Vendor Advisory] https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2058

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (2)

jenkins/appspider < 1.0.12

com.rapid7/jenkinsci-appspider-plugin < 1.0.13Maven

Timeline

Published Nov 04, 2020

Tracked Since Feb 18, 2026