PT-2020-15314 · Jenkins · Jenkins Fortify Plugin
James Holderness
Published: 2020-01-29 · Updated: 2023-10-25
CVE-2020-2107
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Fortify Plugin versions 19.1.29 and earlier
Description
Jenkins Fortify Plugin stores proxy server passwords unencrypted in job config.xml files on the Jenkins master. Any user with Extended Read permission on the job, or with direct access to the master file system, can read these files and recover the passwords, which exposes sensitive information to users who should not be able to see it.
Recommendations
For Jenkins Fortify Plugin versions 19.1.29 and earlier, update to version 19.2.30 or later, which stores the proxy server password encrypted. Until the update is applied, restrict access to the master file system and limit which users hold Extended Read permission to reduce the risk of exposure.
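To check whether job configurations still carry plaintext secrets after an upgrade (or to find affected jobs before one), the following added example scans a config.xml for password-like elements whose value is not in Jenkins' encrypted Secret form. It is not code from the advisory or from the Jenkins project; the element names in the sample XML (including <proxyPassword>) are constructed for illustration and are not the Fortify plugin's actual field names.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins writes values held in hudson.util.Secret to config.xml as "{<base64>}".
# The braces mark the current encrypted format; anything else is treated as
# plaintext here (older installs wrote bare base64, which this check also flags).
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Constructed sample job config.xml: one builder with a plaintext proxy
# password, one with a properly encrypted secret. Element names are assumptions.
SAMPLE_CONFIG_XML = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <com.example.FortifyBuilder>
      <proxyHost>proxy.example.internal</proxyHost>
      <proxyUsername>svc-fortify</proxyUsername>
      <proxyPassword>Sup3rSecret!</proxyPassword>
    </com.example.FortifyBuilder>
    <com.example.OtherBuilder>
      <apiPassword>{AQAAABAAAAAQ8k1q0Zr3Jd2o9v1cGf+4hXz6mN0pQ2Rt}</apiPassword>
    </com.example.OtherBuilder>
  </builders>
</project>
"""


def _walk(elem, path, findings):
    # Strip any XML namespace prefix so tag matching works on the local name.
    name = elem.tag.split("}")[-1]
    here = f"{path}/{name}"
    if "password" in name.lower():
        value = (elem.text or "").strip()
        if value and not ENCRYPTED_SECRET.match(value):
            findings.append(here)
    for child in elem:
        _walk(child, here, findings)


def find_plaintext_passwords(config_xml: str) -> list[str]:
    """Return the element paths of password-like fields stored unencrypted."""
    findings: list[str] = []
    _walk(ET.fromstring(config_xml), "", findings)
    return findings


if __name__ == "__main__":
    for path in find_plaintext_passwords(SAMPLE_CONFIG_XML):
        print(f"plaintext secret at {path}")
```

Run it over each $JENKINS_HOME/jobs/*/config.xml to list jobs whose credentials should be re-entered after upgrading, since the plugin update encrypts values on save rather than rewriting existing files.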
Fix
Insufficiently Protected Credentials
Affected Products
Jenkins
Jenkins Fortify Plugin