Home

CVE-2020-2239

Description

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.048

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-2239 are fixed in Jenkins - Parameterized-Remote-Trigger 3.1.4Windows
Vulnerabilities CVE-2020-2239 are fixed in Jenkins - Parameterized-Remote-Trigger for Linux 3.1.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234