{"api_version":"1","generated_at":"2026-04-11T00:26:20+00:00","cve":"CVE-2020-2164","urls":{"html":"https://cve.report/CVE-2020-2164","api":"https://cve.report/api/cve/CVE-2020-2164.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-2164","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-2164"},"summary":{"title":"CVE-2020-2164","description":"Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.","state":"PUBLIC","assigner":"jenkinsci-cert@googlegroups.com","published_at":"2020-03-25 17:15:00","updated_at":"2023-10-25 18:16:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29","name":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29","refsource":"MISC","tags":[],"title":"Jenkins Security Advisory 2020-03-25","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/03/25/2","name":"[oss-security] 20200325 Multiple vulnerabilities in Jenkins and Jenkins plugins","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Multiple vulnerabilities in Jenkins and Jenkins plugins","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(1)","name":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(1)","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Jenkins Security Advisory 2020-03-25","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-2164","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2164","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"2164","vulnerable":"1","versionEndIncluding":"3.5.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"jfrog","cpe5":"artifactory","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"jenkins","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2020-2164","ASSIGNER":"jenkinsci-cert@googlegroups.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Jenkins project","product":{"product_data":[{"product_name":"Jenkins Artifactory Plugin","version":{"version_data":[{"version_affected":"<=","version_name":"unspecified","version_value":"3.5.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29","refsource":"MISC","name":"https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29"},{"url":"http://www.openwall.com/lists/oss-security/2020/03/25/2","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2020/03/25/2"}]}},"nvd":{"publishedDate":"2020-03-25 17:15:00","lastModifiedDate":"2023-10-25 18:16:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"3.5.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"2164","Ordinal":"161636","Title":"CVE-2020-2164","CVE":"CVE-2020-2164","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"2164","Ordinal":"1","NoteData":"Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"2164","Ordinal":"2","NoteData":"2020-03-25","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"2164","Ordinal":"3","NoteData":"2020-03-25","Type":"Other","Title":"Modified"}]}}}