GHSA-9678-5f6f-wp3f

Source

https://github.com/advisories/GHSA-9678-5f6f-wp3f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9678-5f6f-wp3f/GHSA-9678-5f6f-wp3f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9678-5f6f-wp3f

Aliases

CVE-2019-10398

Published

2022-05-24T16:55:59Z

Modified

2024-02-16T08:23:26.451569Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials

Details

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.

Beaker builder Plugin now stores these credentials encrypted.

Database specific

{
    "nvd_published_at": "2019-09-12T14:15:00Z",
    "cwe_ids": [
        "CWE-522"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-02T16:42:30Z"
}

References

Affected packages

Maven / org.jenkins-ci.plugins:beaker-builder

Package

Name: org.jenkins-ci.plugins:beaker-builder; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/beaker-builder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10

Affected versions

1.*

1.0

1.1.1

1.2

1.3

1.4

1.4.1

1.5

1.6

1.7

1.8

1.9