Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job `config.xml` files. This password could be read by users with the Extended Read permission.

Fortify Plugin 19.2.30 now encrypts the proxy server password.

Affected Packages

Maven org.jenkins-ci.plugins:fortify

Affected versions: 0 (fixed in 19.2.30)

Related CVEs

CVE-2020-2107

Key Information

GHSA ID

GHSA-xr37-pjfh-qwwc

Published

May 24, 2022 5:07 PM

Last Modified

December 19, 2022 9:15 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jenkins-ci.plugins:fortify

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 5, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.