GHSA-j8c7-fm85-6jj6

Source
https://github.com/advisories/GHSA-j8c7-fm85-6jj6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j8c7-fm85-6jj6/GHSA-j8c7-fm85-6jj6.json
Aliases
  • CVE-2019-10422
Published
2022-05-24T16:56:46Z
Modified
2023-11-08T04:00:50.803349Z
Details

Call Remote Job Plugin stores a password unencrypted in job config.xml files on the Jenkins controller. This password can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

As of publication of this advisory, there is no fix.

References

Affected packages

Maven / org.ukiuni.callOtherJenkins:call-remote-job-plugin

Package

Name
org.ukiuni.callOtherJenkins:call-remote-job-plugin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
1.0.21

Affected versions

1.*

1.0.12
1.0.13
1.0.14
1.0.16
1.0.18
1.0.19
1.0.20
1.0.21