CVE-2020-2249

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-2249

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2249.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-2249

Aliases

GHSA-w6c2-jrhh-jrxg

Published

2020-09-01T14:15:13.283Z

Modified

2026-03-14T14:46:14.781341Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

References

Affected packages

Git / github.com/jenkinsci/tfs-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/tfs-plugin

Events

Introduced

Last affected

0ebfc2acee98227d4938fd2fc4764ac4a840e12c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.157.1"
        }
    ]
}

Affected versions

tfs-1.*

tfs-1.12

tfs-1.13

tfs-1.14

tfs-1.15

tfs-1.16

tfs-1.17

tfs-1.18

tfs-1.19

tfs-1.20

tfs-2.*

tfs-2.0

tfs-3.*

tfs-3.0.0

tfs-3.0.1

tfs-3.1.1

tfs-3.2.0

tfs-4.*

tfs-4.0.0

tfs-4.1.0

tfs-5.*

tfs-5.0.0

tfs-5.1.0

tfs-5.121.0

tfs-5.126.0

tfs-5.133.0

tfs-5.139.2

tfs-5.142.0

tfs-5.157.0

tfs-5.157.1

tfs-5.2.0

tfs-5.2.1

tfs-5.3.0

tfs-5.3.1

tfs-5.3.2

tfs-5.3.3

tfs-5.3.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2249.json"