Miggo Logo

CVE-2020-2209: Password stored in plain text by Jenkins TestComplete support Plugin

4.3

CVSS Score
3.1

Basic Information

EPSS Score
0.07093%
Published
5/24/2022
Updated
10/26/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.plugins:TestCompletemaven< 2.5.22.5.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from plaintext password storage in job config.xml files. The patch (commit 0098887) explicitly clears userName/userPassword fields when credentialsId is used, indicating these fields were the storage mechanism. The getUserPassword() method's use of Secret.getPlainText() and prepareServiceCommandLine's credential handling would directly expose the password. The newInstance method's modification to clear plaintext fields confirms these were the vulnerable entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins T*st*ompl*t* support Plu*in prior to v*rsion *.*.* stor*s * p*sswor* un*n*rypt** in jo* `*on*i*.xml` *il*s on t** J*nkins m*st*r w**r* it **n ** vi*w** *y us*rs wit* *xt*n*** R*** p*rmission, or ****ss to t** m*st*r *il* syst*m. V*rsion *.*.*

Reasoning

T** vuln*r**ility st*ms *rom pl*int*xt p*sswor* stor*** in jo* `*on*i*.xml` *il*s. T** p*t** (*ommit *******) *xpli*itly *l**rs `us*rN*m*`/`us*rP*sswor*` *i*l*s w**n `*r***nti*lsI*` is us**, in*i**tin* t**s* *i*l*s w*r* t** stor*** m****nism. T** `**