GHSA-xqf6-5grh-6223
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xqf6-5grh-6223
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xqf6-5grh-6223/GHSA-xqf6-5grh-6223.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xqf6-5grh-6223
- Aliases
- Published
- 2022-05-24T17:12:40Z
- Modified
- 2023-12-06T01:00:21.589886Z
- Severity
-
- 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Passwords transmitted in plain text by Jenkins Artifactory Plugin
- Details
-
Jenkins Artifactory Plugin 3.6.0 and earlier stores Artifactory server passwords in its global configuration file
org.jfrog.hudson.ArtifactoryBuilder.xmlon the Jenkins controller as part of its configuration.While the password is stored encrypted on disk since Artifactory Plugin 3.6.0, it is transmitted in plain text as part of the configuration form by Artifactory Plugin 3.6.0 and earlier. This can result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.
Artifactory Plugin 3.6.1 transmits the password in its global configuration encrypted.
- Database specific
{ "nvd_published_at": "2020-03-25T17:15:00Z", "github_reviewed_at": "2022-12-22T13:56:42Z", "severity": "LOW", "github_reviewed": true, "cwe_ids": [ "CWE-319", "CWE-522" ] }- References
Affected packages
Maven / org.jenkins-ci.plugins:artifactory
Package
- Name
- org.jenkins-ci.plugins:artifactory
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/artifactory
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.1
Affected versions
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.3.0
2.3.1
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.6.0
2.7.0
2.7.1
2.7.2
2.8.0
2.8.1
2.8.2
2.9.0
2.9.1
2.9.2
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.11.0
2.12.0
2.12.1
2.12.2
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.16.0
2.16.1
2.16.2
3.*
3.0.0
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.3.0
3.3.1
3.3.2
3.4.0
3.4.1
3.5.0
3.6.0