CVE-2020-2208

Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:slack_upload:*:*:*:*:*:jenkins:*:*

History

No history.

Information

Published : 2020-07-02 15:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-2208

Mitre link : CVE-2020-2208

CVE.ORG link : CVE-2020-2208


JSON object : View

Products Affected

jenkins

  • slack_upload
CWE
CWE-522

Insufficiently Protected Credentials