CVE-2020-2157 – org.jenkins-ci.plugins:skytap

Package

Manager: maven
Name: org.jenkins-ci.plugins:skytap
Vulnerable Version: >=0 <=2.07

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00024 pctl0.0488

Details

Credentials transmitted in plain text by Skytap Cloud CI Plugin Skytap Cloud CI Plugin stores credentials in job `config.xml` files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by users with Extended Read permission.

Metadata

Created: 2022-05-24T17:10:30Z
Modified: 2023-01-05T20:49:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q2wv-m3pq-xpv9/GHSA-q2wv-m3pq-xpv9.json
CWE IDs: ["CWE-319"]
Alternative ID: GHSA-q2wv-m3pq-xpv9
Finding: F017
Auto approve: 1