CVE-2020-2319

Name of the Vulnerable Software and Affected Versions Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier

Description The issue concerns the storage of a password in an unencrypted form in the global config.xml file on the Jenkins controller. This allows users with access to the Jenkins controller file system to view the password. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details include the storage of the password in the config.xml file, which can be accessed by users with file system access to the Jenkins controller.

Recommendations For Jenkins VMware Lab Manager Slaves Plugin versions 0.2.8 and earlier, consider updating to a version that properly encrypts passwords, if available. As a temporary workaround, restrict access to the Jenkins controller file system to minimize the risk of password exposure. Avoid storing sensitive information in the global config.xml file until the issue is resolved.