GHSA-chm8-wp3h-f4m3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-chm8-wp3h-f4m3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-chm8-wp3h-f4m3/GHSA-chm8-wp3h-f4m3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-chm8-wp3h-f4m3
- Aliases
- Published
- 2022-05-24T16:43:53Z
- Modified
- 2024-02-16T08:08:35.168740Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins jira-ext Plugin stores credentials unencrypted
- Details
-
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file
hudson.plugins.jira.JiraProjectProperty.xmlon the Jenkins master. These credentials could be viewed by users with access to the Jenkins master file system.jira-ext Plugin version 0.9 stores credentials encrypted.
- Database specific
{ "nvd_published_at": "2019-04-18T17:29:00Z", "severity": "HIGH", "github_reviewed_at": "2023-05-19T23:46:18Z", "github_reviewed": true, "cwe_ids": [ "CWE-256", "CWE-522" ] }- References
Affected packages
Maven / org.jenkins-ci.plugins:jira-ext
Package
- Name
- org.jenkins-ci.plugins:jira-ext
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/jira-ext