CVE-2020-2274 – org.jenkins-ci.plugins:elastest
Package
Manager: maven
Name: org.jenkins-ci.plugins:elastest
Vulnerable Version: >=0 <=1.2.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0001 (percentile: 0.0084)
Details
Passwords stored in plain text by ElasTest Plugin

Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
Metadata
Created: 2022-05-24T17:28:27Z
Modified: 2023-10-27T13:44:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9rc-x48f-582x/GHSA-p9rc-x48f-582x.json
CWE IDs: ["CWE-312"]
Alternative ID: GHSA-p9rc-x48f-582x
Finding: F020
Auto approve: 1