CVE-2020-2114: Insufficiently Protected Credentials

February 12, 2020 (updated February 14, 2020)

Jenkins S3 publisher Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form. This can result in exposure of the credential through browser extensions, cross-site scripting vulnerabilities, and similar situations.

References

jenkins.io/security/advisory/2020-02-12/
nvd.nist.gov/vuln/detail/CVE-2020-2114

Detect and mitigate CVE-2020-2114 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →