CVE-2020-2114: 
Java vulnerability analysis and mitigation

CVE-2020-2114 affects the Jenkins S3 publisher Plugin versions 0.11.4 and earlier. The vulnerability was discovered and reported by Wadeck Follonier from CloudBees, Inc. and was publicly disclosed on February 12, 2020. This security issue involves the exposure of credentials in the plugin's global configuration form (Jenkins Advisory).

The vulnerability has a CVSS severity rating of Low. The technical issue involves the S3 publisher Plugin storing a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form, potentially exposing sensitive information through browser extensions, cross-site scripting vulnerabilities, and similar attack vectors (Jenkins Advisory).

The vulnerability could result in the exposure of secret keys stored in the global configuration through various attack vectors including browser extensions and cross-site scripting vulnerabilities. This exposure could potentially allow unauthorized access to the configured S3 resources (Jenkins Advisory).

The vulnerability has been fixed in S3 publisher Plugin version 0.11.5, which implements encrypted transmission of the secret key in its global configuration. Users are advised to upgrade to this version or later to address the security issue (Jenkins Advisory).