#VU46957 Cleartext storage of sensitive information in ElasTest - CVE-2020-2274

 


Published: September 16, 2020 / Updated: May 3, 2021


Vulnerability identifier: #VU46957
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-2274
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
ElasTest
Software vendor:
Jenkins

Description

The vulnerability allows a local user to view the password on the target system.

The vulnerability exists because the affected software stores its server password in plain text in the global configuration file "jenkins.plugins.elastest.ElasTestInstallation.xml". A local user with access to the Jenkins controller file system can obtain the credentials.


Remediation

Install the update from the vendor's website.
