Main Vulnerability Database Vulnerabilities #VU29518

Cleartext storage of sensitive information in Slack Upload - CVE-2020-2208

Published: July 3, 2020 / Updated: July 15, 2020

Vulnerability identifier: #VU29518

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-2208

CWE-ID: CWE-312

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Slack Upload

Software vendor:
Jenkins

Description

The vulnerability allows a remote user to view the password on the target system.

The vulnerability exists due to the affected software stores a secret unencrypted in job config.xml files as part of its configuration. A remote user with Extended Read permission or access to the master file system can obtain credentials.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1627

Cleartext storage of sensitive information in Slack Upload - CVE-2020-2208

Description

Remediation

External links

Please verify you're human