GHSA-3q6p-r6rr-266x

Source
https://github.com/advisories/GHSA-3q6p-r6rr-266x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3q6p-r6rr-266x/GHSA-3q6p-r6rr-266x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3q6p-r6rr-266x
Published
2022-05-14T00:58:29Z
Modified
2024-02-18T05:33:27.235672Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
Details

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.

Database specific
{
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T22:10:41Z"
}

Affected packages

Maven / org.jenkins-ci.plugins:deploy

Package

Name
org.jenkins-ci.plugins:deploy
Purl
pkg:maven/org.jenkins-ci.plugins/deploy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.13

Affected versions

1.*

1.7
1.8
1.9
1.10

Database specific

{
    "last_known_affected_version_range": "<= 1.12"
}