GHSA-746x-xxrx-23jp

Suggest an improvement
Source
https://github.com/advisories/GHSA-746x-xxrx-23jp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-746x-xxrx-23jp/GHSA-746x-xxrx-23jp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-746x-xxrx-23jp
Aliases
  • CVE-2019-10294
Published
2022-05-13T01:15:02Z
Modified
2024-01-30T22:11:38.568255Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Jenkins Kmap Plugin stores credentials in plain text
Details

Jenkins Kmap Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

References

Affected packages

Maven / org.jenkins-ci.plugins:kmap-jenkins

Package

Name
org.jenkins-ci.plugins:kmap-jenkins
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/kmap-jenkins

Affected ranges

Affected versions

1.*

1.6