
Cloud Vulnerability DB
A community-led vulnerabilities database
Harvest SCM Plugin version 0.5.1 and earlier contains a security vulnerability (CVE-2020-2131) related to password storage in job configuration files. The vulnerability was disclosed on February 12, 2020, affecting the Jenkins Harvest SCM Plugin (Jenkins Advisory).
The vulnerability is classified with medium severity (CVSS) and involves the storage of SCM passwords in unencrypted form within job config.xml files on the Jenkins controller. This insecure storage practice exposes sensitive credentials in plaintext format (Jenkins Advisory).
The exposed credentials can be accessed by users with Extended Read permission who can view the job config.xml files, as well as by anyone with access to the Jenkins controller file system. This creates a potential security risk where unauthorized users could obtain valid SCM credentials (Jenkins Advisory).
As of the advisory publication date (February 12, 2020), no fix was available for this vulnerability. Users should use access controls to limit who can read job configuration files and who can access the Jenkins controller file system (Jenkins Advisory).
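To find affected jobs on a controller, the following added audit example (not code from the advisory or the plugin) walks job config.xml files and reports credential-like elements whose value is not in Jenkins' encrypted `{base64}` Secret form. The tag-name heuristic, the `passwordSCM` element and the sample jobs are constructed assumptions, since the page does not give the plugin's field names.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins writes an encrypted hudson.util.Secret as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: credential fields carry "password" or "passphrase" in the tag name.
SENSITIVE = re.compile(r"password|passphrase", re.IGNORECASE)
# Jenkins writes an XML 1.1 declaration; expat supports only XML 1.0, so drop it.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def find_plaintext_secrets(config_path):
    """Return element paths in one config.xml that hold an unencrypted secret."""
    text = XML_DECL.sub("", Path(config_path).read_text(encoding="utf-8"), count=1)
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["<unparseable XML>"]
    hits = []

    def walk(elem, trail):
        here = f"{trail}/{elem.tag}"
        value = (elem.text or "").strip()
        if SENSITIVE.search(elem.tag) and value and not ENCRYPTED.match(value):
            hits.append(here)  # report the location only, never the value
        for child in elem:
            walk(child, here)
    walk(root, "")
    return hits

def audit_jenkins_home(jenkins_home):
    """Map job directory (relative to JENKINS_HOME) -> findings, folders included."""
    report = {}
    for cfg in sorted(Path(jenkins_home, "jobs").rglob("config.xml")):
        hits = find_plaintext_secrets(cfg)
        if hits:
            report[cfg.parent.relative_to(jenkins_home).as_posix()] = hits
    return report

def build_constructed_home():
    """Constructed sample tree; job and element names are hypothetical."""
    home = Path(tempfile.mkdtemp())
    for job, value in {"legacy-job": "constructed-pw", "clean-job": "{AQAAABAAAAAQc2FtcGxl}"}.items():
        (home / "jobs" / job).mkdir(parents=True)
        (home / "jobs" / job / "config.xml").write_text(
            "<?xml version='1.1' encoding='UTF-8'?>\n<project><scm>"
            f"<passwordSCM>{value}</passwordSCM></scm></project>", encoding="utf-8")
    return home
```

Run `audit_jenkins_home` against a copy of the real Jenkins home; any credential it reports should be treated as exposed and rotated.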
Source: This report was generated using AI