PT-2020-15334 · Jenkins · Jenkins Digitalocean Plugin
James Holderness · Published 2020-02-12 · Updated 2023-10-25 · CVE-2020-2126
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins DigitalOcean Plugin version 1.1 and earlier
Description
The issue concerns the storage of a token in an unencrypted form within the global config.xml file on the Jenkins master. This token can be accessed by users who have permission to view the master file system.
Recommendations
For Jenkins DigitalOcean Plugin version 1.1 and earlier, consider restricting access to the global config.xml file to minimize the risk of token exposure until a patch is available.
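An audit sketch for the exposure described above, added here as an example and not taken from the advisory or the plugin: it flags a config.xml that is readable beyond its owner, and token-like elements whose value is not in the brace-wrapped base64 form that recent Jenkins releases use for encrypted secrets. The `authToken` and `exampleCloud` element names, the "token" tag heuristic and the sample values are assumptions constructed for illustration.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Recent Jenkins releases serialise encrypted Secret values as "{<base64>}".
# Anything else found in a token-like element is treated as stored in the clear.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
TOKEN_TAG = re.compile(r"token", re.IGNORECASE)  # heuristic (assumption)


def audit_config(path):
    """Return a list of findings for one Jenkins config.xml."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"mode {mode:04o}: readable beyond the owner")
    for elem in ET.parse(path).iter():
        value = (elem.text or "").strip()
        if TOKEN_TAG.search(elem.tag) and value and not ENCRYPTED.match(value):
            # Report the element name only, never the secret itself.
            findings.append(f"<{elem.tag}>: value is not in encrypted form")
    return findings


def write_sample(path, token_value, mode):
    """Write a constructed config.xml; element names are placeholders."""
    xml = (
        "<hudson><clouds><exampleCloud>"
        f"<authToken>{token_value}</authToken>"
        "</exampleCloud></clouds></hudson>"
    )
    with open(path, "w") as fh:
        fh.write(xml)
    os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "config.xml")
        write_sample(sample, "CONSTRUCTED-PLAINTEXT-TOKEN", 0o644)
        for finding in audit_config(sample):
            print(finding)
```

Point `audit_config` at the global config.xml under the Jenkins home directory; the permission check relies on POSIX mode bits.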
Fix
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Jenkins
Jenkins Digitalocean Plugin