CVE-2017-1000113

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000113

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000113.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000113

Aliases

GHSA-3q6p-r6rr-266x

Published

2017-10-05T01:29:04.510Z

Modified

2026-03-13T22:21:51.818602Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.

References

https://jenkins.io/security/advisory/2017-08-07/

Affected packages

Git / github.com/jenkinsci/deploy-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/deploy-plugin

Events

Introduced

Last affected

254001a345be10a77f150af0741248df44b7c811

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.12"
        }
    ]
}

Affected versions

deploy-1.*

deploy-1.10

deploy-1.12

deploy-1.7

deploy-1.8

deploy-1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000113.json"