GHSA-q2wv-m3pq-xpv9

Source

https://github.com/advisories/GHSA-q2wv-m3pq-xpv9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q2wv-m3pq-xpv9/GHSA-q2wv-m3pq-xpv9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q2wv-m3pq-xpv9

Aliases

CVE-2020-2157

Published

2022-05-24T17:10:30Z

Modified

2023-11-08T04:02:53.800434Z

Severity

3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Credentials transmitted in plain text by Skytap Cloud CI Plugin

Details

Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration.

While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by users with Extended Read permission.

Database specific

{
    "nvd_published_at": "2020-03-09T16:15:00Z",
    "github_reviewed_at": "2023-01-05T20:49:29Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-319"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.plugins:skytap

Package

Name: org.jenkins-ci.plugins:skytap; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.plugins/skytap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.07

Affected versions

1.*

1.01

1.02

1.03

2.*

2.00

2.01

2.02

2.03

2.04

2.05

2.06

2.07