GHSA-4q47-ph87-fq4f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4q47-ph87-fq4f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4q47-ph87-fq4f/GHSA-4q47-ph87-fq4f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4q47-ph87-fq4f
- Aliases
- Published
- 2022-05-24T17:12:40Z
- Modified
- 2024-02-16T08:01:02.909210Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Passwords stored in plain text by Jenkins Artifactory Plugin
- Details
-
Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password in plain text in the global configuration file
org.jfrog.hudson.ArtifactoryBuilder.xml. This password can be viewed by users with access to the Jenkins controller file system.Artifactory Plugin 3.6.0 now stores the Artifactory server password encrypted. This change is effective once the global configuration is saved the next time.
- Database specific
{ "nvd_published_at": "2020-03-25T17:15:00Z", "cwe_ids": [ "CWE-312", "CWE-522" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2022-12-22T13:54:52Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:artifactory
Package
- Name
- org.jenkins-ci.plugins:artifactory
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/artifactory
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.0
Affected versions
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.2
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.0
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
3.*
3.0.0
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.5.0