GHSA-cvh8-9j4x-5v4j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cvh8-9j4x-5v4j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cvh8-9j4x-5v4j/GHSA-cvh8-9j4x-5v4j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cvh8-9j4x-5v4j
- Aliases
- Published
- 2022-05-13T01:18:46Z
- Modified
- 2024-02-16T08:07:20.523269Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
- Details
-
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
- Database specific
{ "nvd_published_at": "2019-01-09T23:29:00Z", "cwe_ids": [ "CWE-522" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-01-30T22:04:02Z" }- References
Affected packages
Maven / org.jenkins-ci.plugins:artifactory
Package
- Name
- org.jenkins-ci.plugins:artifactory
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/artifactory
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.16.2
Affected versions
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.2
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.0
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.16.0
2.16.1