CVE-2020-2145: Insufficiently Protected Credentials

May 24, 2022 (updated January 14, 2023)

Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.

References

www.openwall.com/lists/oss-security/2020/03/09/1
github.com/advisories/GHSA-xv58-gp43-6m76
jenkins.io/security/advisory/2020-03-09/
nvd.nist.gov/vuln/detail/CVE-2020-2145

Code Behaviors & Features

Detect and mitigate CVE-2020-2145 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →