CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published Feb 3, 2026

https://github.com/advisories/GHSA-xr37-pjfh-qwwc

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Published Feb 3, 2026

https://github.com/advisories/GHSA-xr37-pjfh-qwwc

CVSS ScoreMedium

4.3


maven	org.jenkins-ci.plugins/fortify	19.1.28
maven	org.jenkins-ci.plugins/fortify	19.1.29

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/fortify	19.1.28
maven	org.jenkins-ci.plugins/fortify	19.1.29

Find vulnerabilities. Fix fast with AI.

CVE-2020-2107

CVE-2020-2107