GHSA-pxv2-mfq7-vhp6

Suggest an improvement
Source
https://github.com/advisories/GHSA-pxv2-mfq7-vhp6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxv2-mfq7-vhp6/GHSA-pxv2-mfq7-vhp6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pxv2-mfq7-vhp6
Aliases
Published
2022-05-24T16:56:45Z
Modified
2024-02-16T08:19:07.124144Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Details

Jenkins Inedo BuildMaster Plugin Plugin stores a service password in its global Jenkins configuration.

While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.

Inedo BuildMaster Plugin Plugin now encrypts the password transmitted to administrators viewing the global configuration form.

Database specific
{
    "nvd_published_at": "2019-09-25T16:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-26T23:03:41Z"
}
References

Affected packages

Maven / com.inedo.proget:inedo-proget

Package

Name
com.inedo.proget:inedo-proget
View open source insights on deps.dev
Purl
pkg:maven/com.inedo.proget/inedo-proget

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.0

Affected versions

0.*

0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8

1.*

1.0
1.1
1.2
1.3
1.4