Low severityNVD Advisory· Published Mar 25, 2020· Updated Aug 4, 2024
CVE-2020-2164
CVE-2020-2164
Description
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:artifactoryMaven | < 3.6.0 | 3.6.0 |
Affected products
3- osv-coords2 versions
< 3.5.1+ 1 more
- (no CPE)range: < 3.5.1
- (no CPE)range: < 3.6.0
- Range: unspecified
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-4q47-ph87-fq4fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-2164ghsaADVISORY
- www.openwall.com/lists/oss-security/2020/03/25/2ghsamailing-listx_refsource_MLISTWEB
- jenkins.io/security/advisory/2020-03-25/mitrex_refsource_CONFIRM
- jenkins.io/security/advisory/2020-03-25/ghsaWEB
News mentions
1- Jenkins Security Advisory 2020-03-25Jenkins Security Advisories · Mar 25, 2020