Vulnerability Description
Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp Application Lifecycle Management Quality Center Project | Hp Application Lifecycle Management Quality Center | <= 1.6 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2020/07/02/7 (Third Party Advisory)
- https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1576 (Vendor Advisory)
FAQ
What is CVE-2020-2218?
CVE-2020-2218 is a vulnerability with a CVSS score of 3.3 (LOW). Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file...
How severe is CVE-2020-2218?
CVE-2020-2218 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-2218?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Application Lifecycle Management Quality Center Project Hp Application Lifecycle Management Quality Center.