3.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2114

GHSA ID

GHSA-ffr6-8cv5-j637

EPSS Score

0.16456%

CWE

CWE-319

Published

5/24/2022

Updated

12/21/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-2114

CVE-2020-2114: Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

S3 Publisher Plugin stores a secret key in its global configuration. While the credential is stored encrypted on disk, it is transmitted in plain text as part of the configuration form by S3 publisher Plugin 0.11.4 and earlier. This can result in exposure of the credential through browser extensions, cross-site scripting vulnerabilities, and similar situations. S3 Publisher Plugin 0.11.5 transmits the secret key in its global configuration encrypted.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-2114

CVE-2020-2114:

3.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-2114

GHSA ID

GHSA-ffr6-8cv5-j637

EPSS Score

0.16456%

CWE

CWE-319

Published

5/24/2022

Updated

12/21/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:s3	maven	<= 0.11.4	0.11.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from how secret keys were handled in the configuration form validation. The pre-patch version of doLoginCheck in S3BucketPublisher.java:1) Used StaplerRequest.getParameter() to retrieve credentials in plaintext 2) Passed raw secretKey string to ClientHelper.createClient() 3) Was accessible without POST method requirements. The commit diff shows the fix involved:1) Using Secret type for secretKey parameter 2) Adding @RequirePOST annotation 3) Converting secretKey to encrypted Secret.getPlainText(). The global.jelly changes also confirm credentials were previously transmitted via plaintext query parameters in checkUrl.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-2114: Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

CVE-2020-2114:

3.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

3.1

3.1

CVE-2020-2114: Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI