CVE-2020-2165

LOW3.1EPSS 0.33%

Passwords transmitted in plain text by Jenkins Artifactory Plugin

Published: 5/24/2022Modified: 4/3/2025

Description

Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.

Affected packages (2)

Bitnami/artifactoryfrom 0, < 3.6.1
Maven/org.jenkins-ci.plugins:artifactoryfrom 0, < 3.6.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-2165
PATCHhttps://github.com/jenkinsci/artifactory-plugin
WEBhttps://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(2)
WEBhttps://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%282%29
WEBhttp://www.openwall.com/lists/oss-security/2020/03/25/2