GHSA-rv97-r8f7-8wmg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rv97-r8f7-8wmg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rv97-r8f7-8wmg/GHSA-rv97-r8f7-8wmg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rv97-r8f7-8wmg
- Aliases
- Published
- 2022-05-24T22:00:03Z
- Modified
- 2024-02-16T08:20:02.196873Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Plaintext password storage in Jenkins InfluxDB Plugin
- Details
-
Jenkins InfluxDB Plugin Prior to 1.22 stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- Database specific
{ "nvd_published_at": "2019-05-31T15:29:00Z", "cwe_ids": [ "CWE-256", "CWE-522" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-09-09T00:56:25Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10329
- https://github.com/jenkinsci/influxdb-plugin/commit/bfc2fcc0d8e6fb6f2dff5a45353abac5cefc0573
- https://github.com/jenkinsci/influxdb-plugin
- https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1403
- http://www.openwall.com/lists/oss-security/2019/05/31/2
- http://www.securityfocus.com/bid/108540
Affected packages
Maven / org.jenkins-ci.plugins:influxdb
Package
- Name
- org.jenkins-ci.plugins:influxdb
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/influxdb