GHSA-c8mf-mc3f-2wvc

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-c8mf-mc3f-2wvc/GHSA-c8mf-mc3f-2wvc.json
Aliases
  • CVE-2022-34199
Published
2022-06-24T00:00:31Z
Modified
2023-03-18T05:55:41.690509Z
Details

Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

References

Affected packages

Maven / com.convertigo.jenkins.plugins:convertigo-mobile-platform

com.convertigo.jenkins.plugins:convertigo-mobile-platform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0

Affected versions

1.*

1.0
1.1

Database specific

{
    "last_known_affected_version_range": "<= 1.1"
}