{"id":"CVE-2020-2319","details":"Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.","aliases":["GHSA-cg4h-cfjp-h3x2"],"modified":"2026-03-14T10:06:48.839782Z","published":"2020-11-04T15:15:12.647Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-2084"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/labmanager-plugin","events":[{"introduced":"0"},{"last_affected":"e2d621971db8856d81ff41f0d796ebb07d8ebfec"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.2.8"}]}}],"versions":["labmanager-0.1.4","labmanager-0.1.5","labmanager-0.1.6","labmanager-0.1.8","labmanager-0.1.9","labmanager-0.2.0","labmanager-0.2.1","labmanager-0.2.2","labmanager-0.2.3","labmanager-0.2.4","labmanager-0.2.5","labmanager-0.2.6","labmanager-0.2.7","labmanager-0.2.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-2319.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}