GHSA-wchh-wvpx-pf47
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wchh-wvpx-pf47
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wchh-wvpx-pf47/GHSA-wchh-wvpx-pf47.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wchh-wvpx-pf47
- Aliases
- Published
- 2022-05-13T01:17:42Z
- Modified
- 2024-02-16T08:15:22.041301Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Jenkins Upload to pgyer Plugin stores credentials in plain text
- Details
-
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
- Database specific
{ "nvd_published_at": "2019-04-04T16:29:00Z", "cwe_ids": [ "CWE-311" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-09T21:59:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003089
- https://github.com/jenkinsci/upload-pgyer-plugin/commit/af4e89754c31a0d71b98d3f360088e8dae36a313
- https://github.com/jenkinsci/upload-pgyer-plugin
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
- http://www.openwall.com/lists/oss-security/2019/04/12/2
- http://www.securityfocus.com/bid/107790
Affected packages
Maven / ren.helloworld:upload-pgyer
Package
- Name
- ren.helloworld:upload-pgyer
- View open source insights on deps.dev
- Purl
- pkg:maven/ren.helloworld/upload-pgyer