Main Vulnerability Database Vulnerabilities #VU29520

#VU29520 Cleartext transmission of sensitive information in Stash Branch Parameter - CVE-2020-2210

Published: July 3, 2020 / Updated: July 15, 2020

Vulnerability identifier: #VU29520

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-2210

CWE-ID: CWE-319

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Stash Branch Parameter

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://www.openwall.com/lists/oss-security/2020/07/02/7
https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1656