#VU26037 Cleartext transmission of sensitive information in Quality Gates - CVE-2020-2151
Published: March 12, 2020
Vulnerability identifier: #VU26037
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-2151
CWE-ID: CWE-319
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Quality Gates
Quality Gates
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
Note: The affected plugin stores credentials in its global configuration file "quality.gates.jenkins.plugin.GlobalConfig.xml" on the Jenkins master as part of its configuration.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.