GHSA-hm57-4qpx-f734

Source

https://github.com/advisories/GHSA-hm57-4qpx-f734

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hm57-4qpx-f734/GHSA-hm57-4qpx-f734.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hm57-4qpx-f734

Aliases

CVE-2020-2156

Published

2022-05-24T17:10:29Z

Modified

2023-11-08T04:02:53.739864Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Credentials transmitted in plain text by Jenkins DeployHub Plugin

Details

DeployHub Plugin stores credentials in job config.xml files as part of its configuration.

While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users with Extended Read permission.

Database specific

{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "github_reviewed_at": "2023-01-05T20:44:08Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319"
    ]
}

References

Affected packages

Maven / com.openmake:deployhub

Package

Name: com.openmake:deployhub; View open source insights on deps.dev
Purl: pkg:maven/com.openmake/deployhub

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

8.0.14

Affected versions

8.*

8.0.3

8.0.5

8.0.7

8.0.8

8.0.9

8.0.10

8.0.11

8.0.12

8.0.13

8.0.14