GHSA-jjmv-6fv4-85vf

Suggest an improvement
Source
https://github.com/advisories/GHSA-jjmv-6fv4-85vf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jjmv-6fv4-85vf/GHSA-jjmv-6fv4-85vf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jjmv-6fv4-85vf
Aliases
  • CVE-2019-10413
Published
2022-05-24T16:56:45Z
Modified
2023-11-08T04:00:50.255669Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials
Details

Data Theorem Mobile Security: CI/CD Plugin stored a proxy password unencrypted in job config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Data Theorem Mobile Security: CI/CD Plugin now stores the proxy password encrypted. Existing jobs need to have their configuration saved for existing plain text proxy passwords to be overwritten.

Database specific 
{
    "nvd_published_at": "2019-09-25T16:15:00Z",
    "github_reviewed_at": "2023-02-23T20:31:28Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-522"
    ]
}
References

Affected packages

Maven / com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security

Package

Name
com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security
View open source insights on deps.dev
Purl
pkg:maven/com.datatheorem.mobileappsecurity.jenkins.plugin/datatheorem-mobile-app-security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0

Affected versions

1.*

1.0.1
1.0.2
1.0.3
1.1.0
1.2.0
1.3