
CVE-2020-2145:
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin

CVSS Score (v3.1): 3.3

Basic Information

EPSS Score: 0.01037%
Published: 5/24/2022
Updated: 10/26/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Ecosystem: maven
Vulnerable Versions: < 1.10
First Patched Version: 1.10

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability is plaintext storage of the Zephyr password in the plugin's global configuration file, ZeeReporter.xml. Jenkins plugins conventionally:

  1. Expose configuration fields through getters/setters (here getPassword)
  2. Persist global configuration through a Descriptor class (ZeeReporterDescriptor), whose save() serializes every field to XML as-is, so a String password lands on disk in the clear

No patch code is available for analysis, but the advisory explicitly identifies:

  • The vulnerable file (ZeeReporter.xml)
  • The mitigation path (Credentials Plugin integration, so that only a credentials ID is persisted)

These functions would appear in runtime profiling when:

  1. The plugin is configured (password setter/getter calls)
  2. The global configuration is saved (descriptor persistence)

Confidence is high for getPassword(), since it returns the sensitive value directly, and medium for the descriptor save mechanism, which is inferred from the common plugin pattern rather than observed in the plugin's code.
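The descriptor-persistence pattern described above, as an added illustration (this is not the plugin's source, which is not reproduced on this page): a global descriptor with a String password field that save() writes verbatim into ZeeReporter.xml, beside the Credentials Plugin integration the advisory names as the mitigation. Apart from the names ZeeReporter and ZeeReporterDescriptor, every field, method and class name here is an assumption, and the code targets the classic Jenkins core / Credentials Plugin 2.x API (ACL.SYSTEM, CredentialsProvider.lookupCredentials).

```java
package com.thed.zephyr.jenkins.reporter;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Notifier;
import hudson.tasks.Publisher;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.util.Collections;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest;

/** Illustrative reconstruction only; names other than ZeeReporter/ZeeReporterDescriptor are assumed. */
public class ZeeReporter extends Notifier {

    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    /*
     * VULNERABLE SHAPE. The password is a plain String on the global descriptor.
     * save() hands the descriptor to XStream, which writes the field unchanged:
     *   <password>hunter2</password>
     * into $JENKINS_HOME/com.thed.zephyr.jenkins.reporter.ZeeReporter.xml
     * (the file is named after the describable's class, hence the advisory's path).
     */
    public static final class PlaintextDescriptor extends BuildStepDescriptor<Publisher> {
        private String password;

        public PlaintextDescriptor() { super(ZeeReporter.class); load(); }

        public String getPassword() { return password; }   // returns the secret verbatim

        @Override
        public boolean configure(StaplerRequest req, JSONObject formData) {
            password = formData.getString("password");
            save();
            return true;
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }
    }

    /*
     * HARDENED SHAPE (Credentials Plugin). Only an opaque credentials ID is
     * persisted; the password stays in the credentials store and is resolved
     * at the moment the reporter needs it.
     */
    @Extension
    public static final class ZeeReporterDescriptor extends BuildStepDescriptor<Publisher> {
        private String credentialsId;

        public ZeeReporterDescriptor() { super(ZeeReporter.class); load(); }

        public String getCredentialsId() { return credentialsId; }

        @Override
        public boolean configure(StaplerRequest req, JSONObject formData) {
            credentialsId = formData.getString("credentialsId");
            save();   // XML now holds <credentialsId>...</credentialsId>, no password element
            return true;
        }

        /** Look the secret up at use time; never cache it in a persisted field. */
        public Secret resolvePassword() {
            StandardUsernamePasswordCredentials c = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(
                    StandardUsernamePasswordCredentials.class,
                    Jenkins.get(), ACL.SYSTEM,
                    Collections.<DomainRequirement>emptyList()),
                CredentialsMatchers.withId(credentialsId));
            return c == null ? null : c.getPassword();
        }

        /** Populates the dropdown bound to the "credentialsId" form field in config.jelly. */
        public ListBoxModel doFillCredentialsIdItems() {
            return new StandardListBoxModel()
                .includeEmptyValue()
                .includeAs(ACL.SYSTEM, Jenkins.get(), StandardUsernamePasswordCredentials.class);
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) { return true; }
    }
}
```

A smaller intermediate step is to change the field type from String to hudson.util.Secret, which XStream serializes as an encrypted token rather than the clear value; that removes the on-disk exposure but still ties the secret to the descriptor, whereas the credentials store gives it a single place to be rotated and access-controlled. To check an existing controller, open the ZeeReporter.xml file from the advisory and look for a password element whose content is readable text rather than an encrypted token.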


WAF Protection Rules

WAF Rule

Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text in the global configuration file `com.thed.zephyr.jenkins.reporter.ZeeReporter.xml`. This password can be viewed by users with access to the Jenkins …

No WAF rule applies to this issue: the CVSS vector (AV:L, PR:L) describes a user reading a file on the controller, not a request a WAF would see. The controls are the Credentials Plugin integration noted above and file-system access restrictions on the controller.

T** vuln*r**ility st*ms *rom pl*int*xt p*sswor* stor*** in Z**R*port*r.xml. J*nkins plu*ins typi**lly: *. Us* **tt*rs/s*tt*rs *or *on*i*ur*tion *i*l*s (**tP*sswor*) *. Us* **s*riptor *l*ss*s *or *lo**l *on*i* p*rsist*n** (Z**R*port*r**s*riptor) W*il