PT-2020-15390 · Jenkins · Jenkins Copr Plugin+1

James Holderness · Published 2020-04-16 · Updated 2023-10-25

CVE-2020-2177

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Copr Plugin versions 0.3 and earlier

Description: The plugin stores credentials unencrypted in job config.xml files on the Jenkins master, as part of its job configuration. These credentials can be viewed by users with Extended Read permission and by anyone with access to the master file system.

Recommendations: For Jenkins Copr Plugin versions 0.3 and earlier, update to version 0.6.1 or later so that credentials are stored encrypted. As a temporary workaround, restrict access to the Jenkins master file system and limit Extended Read permission to reduce the risk of credential exposure.
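As an added example (not code from the advisory, Jenkins, or the Copr plugin), a defender-side check that walks a job config.xml and reports credential-looking fields that are not stored in Jenkins' encrypted Secret form; the element names in the constructed sample are assumptions, not the plugin's real schema.

```python
import re
import xml.etree.ElementTree as ET

# Jenkins serialises an encrypted Secret into config.xml as base64 wrapped in
# braces, e.g. "{AQAAABAAAAAQ...}". Anything else in a credential field is
# treated here as cleartext (older brace-less base64 secrets are flagged too,
# which errs on the side of reporting).
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Tag-name fragments that usually hold a credential. The Copr plugin's real
# field names are not stated in the advisory, so this list is an assumption.
SENSITIVE_FRAGMENTS = ("password", "passwd", "secret", "token", "apikey", "api_key")


def is_sensitive_tag(tag):
    return any(frag in tag.lower() for frag in SENSITIVE_FRAGMENTS)


def find_cleartext_secrets(config_xml):
    """Return [(element_path, value)] for credential-looking elements whose
    text is not an encrypted Jenkins Secret."""
    findings = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tag}"
        text = (elem.text or "").strip()
        if text and is_sensitive_tag(elem.tag) and not ENCRYPTED_SECRET.match(text):
            findings.append((path, text))
        for child in elem:
            walk(child, path)

    walk(ET.fromstring(config_xml), "")
    return findings


# Constructed sample job config.xml; the builder element and its fields are
# hypothetical, not the Copr plugin's actual schema.
SAMPLE_CONFIG_XML = """<project>
  <builders>
    <org.example.CoprBuilder>
      <username>builder</username>
      <apiToken>hunter2-in-the-clear</apiToken>
      <password>{AQAAABAAAAAQc29tZWVuY3J5cHRlZGJ5dGVz}</password>
    </org.example.CoprBuilder>
  </builders>
</project>
"""

if __name__ == "__main__":
    for path, value in find_cleartext_secrets(SAMPLE_CONFIG_XML):
        print(f"cleartext credential at {path}: {value!r}")
```

Run it over each `jobs/*/config.xml` on the master to confirm that the upgrade actually rewrote stored credentials into the encrypted form.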

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2020-2177
GHSA-4WX5-C723-XVWV

Affected Products

Jenkins
Jenkins Copr Plugin