CVE-2020-2127 – rpd:bmc-rpd

Package

Manager: maven
Name: rpd:bmc-rpd
Vulnerable Version: >=0 <=1.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00031 pctl0.07213

Details

Credential stored in plain text by BMC Release Package and Deployment Plugin Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. As of publication of this advisory, there is no fix.

Metadata

Created: 2022-05-24T17:08:47Z
Modified: 2023-01-09T19:46:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2j3r-x6xc-qqqj/GHSA-2j3r-x6xc-qqqj.json
CWE IDs: ["CWE-256", "CWE-522"]
Alternative ID: GHSA-2j3r-x6xc-qqqj
Finding: F020
Auto approve: 1