Lucene search
GoogleOSV:GHSA-XQF6-5GRH-6223HistoryMay 24, 2022 - 5:12 p.m.
Passwords transmitted in plain text by Jenkins Artifactory Plugin
2022-05-2417:12:40
Google
osv.dev
9
jenkins artifactory plugin
passwords
plain text
encryption
vulnerabilities
EPSS
0.002
Percentile
55.1%
Jenkins Artifactory Plugin 3.6.0 and earlier stores Artifactory server passwords in its global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml on the Jenkins controller as part of its configuration.
While the password is stored encrypted on disk since Artifactory Plugin 3.6.0, it is transmitted in plain text as part of the configuration form by Artifactory Plugin 3.6.0 and earlier. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.
Artifactory Plugin 3.6.1 transmits the password in its global configuration encrypted.
Related
nvd
nvd
CVE-2020-2165
2020-03-25 17:15:15
cve
cve
CVE-2020-2165
2020-03-25 17:15:15
github
github
Passwords transmitted in plain text by Jenkins Artifactory Plugin
2022-05-24 17:12:40
osv
osv
BIT-artifactory-2020-2165
2024-03-06 10:53:03
CVE-2020-2165
2020-03-25 17:15:15
prion
prion
Code injection
2020-03-25 17:15:00
cvelist
cvelist
CVE-2020-2165
2020-03-25 16:05:36