CVE-2020-2212

{"id": "CVE-2020-2212", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-07-02T15:15:18.117", "references": [{"url": "http://www.openwall.com/lists/oss-security/2020/07/02/7", "tags": ["Third Party Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1632", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "http://www.openwall.com/lists/oss-security/2020/07/02/7", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1632", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration."}, {"lang": "es", "value": "Jenkins GitHub Coverage Reporter Plugin versiones 1.8 y anteriores, almacenan secretos sin cifrar en su archivo de configuraci\u00f3n global en el maestro de Jenkins, donde pueden ser visualizados por usuarios con acceso al sistema de archivos maestro o permisos de lectura en la configuraci\u00f3n del sistema"}], "lastModified": "2024-11-21T05:24:58.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:github_coverage_reporter:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "B955D10E-3F5E-4FF8-9E3E-D46D7E8C539E", "versionEndIncluding": "1.8"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}