Description
Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system or read permissions on the system configuration.
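A heuristic check for this class of issue, as an added example that is not from the advisory or the plugin: it walks a Jenkins XML configuration file and reports secret-looking elements whose value is not in encrypted form. The element names and both sample documents are constructed, and the check assumes encrypted values are serialised as a base64 string wrapped in braces; it does not use the plugin's real file or field names.

```python
import re
import xml.etree.ElementTree as ET

# Element names that commonly hold credentials (heuristic list, an assumption).
SECRET_NAME = re.compile(r"(password|passwd|secret|token|apikey|api_key)", re.I)
# Assumed encrypted form: "{<base64>}", as Jenkins writes Secret values.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Jenkins writes an XML 1.1 declaration; drop it so any parser accepts the file.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def find_plaintext_secrets(xml_text):
    """Return paths of secret-named elements holding a non-encrypted value."""
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        value = (node.text or "").strip()
        # Empty elements carry no secret; braces-wrapped base64 is encrypted.
        if SECRET_NAME.search(node.tag) and value and not ENCRYPTED.match(value):
            findings.append(here)
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings


# Constructed sample: a global config file with a token stored as plain text.
SAMPLE_PLAINTEXT = """<?xml version='1.1' encoding='UTF-8'?>
<com.example.CoverageConfig plugin="example-plugin@0.0">
  <gitHubApiUrl>https://api.github.example/</gitHubApiUrl>
  <personalAccessToken>constructed-plaintext-token</personalAccessToken>
  <sonarToken></sonarToken>
</com.example.CoverageConfig>"""

# Constructed sample: the same file with the token in encrypted form.
SAMPLE_ENCRYPTED = """<?xml version='1.1' encoding='UTF-8'?>
<com.example.CoverageConfig plugin="example-plugin@0.0">
  <gitHubApiUrl>https://api.github.example/</gitHubApiUrl>
  <personalAccessToken>{AQAAABAAAAAQY29uc3RydWN0ZWQtc2FtcGxl}</personalAccessToken>
</com.example.CoverageConfig>"""

if __name__ == "__main__":
    for label, doc in (("plaintext", SAMPLE_PLAINTEXT), ("encrypted", SAMPLE_ENCRYPTED)):
        print(label, find_plaintext_secrets(doc))
```

The name pattern is a heuristic, so review hits by hand: legacy values stored as bare base64 without braces will also be reported.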
Remediation
References
http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1632