CVE-2017-1000113

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-1000113

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000113.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000113

Aliases

GHSA-3q6p-r6rr-266x

Published

2017-10-05T01:29:04Z

Modified

2024-09-03T01:33:25.507105Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.

References

https://jenkins.io/security/advisory/2017-08-07/

Affected packages

Git / github.com/jenkinsci/deploy-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/deploy-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

254001a345be10a77f150af0741248df44b7c811

Affected versions

deploy-1.*

deploy-1.10

deploy-1.12

deploy-1.7

deploy-1.8

deploy-1.9