GHSA-hhhh-69qp-5p2v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hhhh-69qp-5p2v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hhhh-69qp-5p2v/GHSA-hhhh-69qp-5p2v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hhhh-69qp-5p2v
- Aliases
- Published
- 2022-05-24T16:58:50Z
- Modified
- 2024-02-16T08:21:11.909861Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Jenkins Fortify on Demand Plugin stores credentials in plain text
- Details
-
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job
config.xmlfiles on the Jenkins controller. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system. - Database specific
{ "nvd_published_at": "2019-10-16T14:15:00Z", "cwe_ids": [ "CWE-312" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-10-27T15:45:23Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10449
- https://github.com/jenkinsci/fortify-on-demand-uploader-plugin/commit/277642040362bcc64df163bfc1ab48f7763c2853
- https://github.com/jenkinsci/fortify-on-demand-uploader-plugin/commit/83b23662dc0ce9486b904e282bd8047496730819
- https://github.com/jenkinsci/fortify-on-demand-uploader-plugin
- https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1433
Affected packages
Maven / org.jenkins-ci.plugins:fortify-on-demand-uploader
Package
- Name
- org.jenkins-ci.plugins:fortify-on-demand-uploader
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/fortify-on-demand-uploader
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.0.0