Описание
Passwords stored in plain text by Jenkins Artifactory Plugin
Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password in plain text in the global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml. This password can be viewed by users with access to the Jenkins controller file system.
Artifactory Plugin 3.6.0 now stores the Artifactory server password encrypted. This change is effective once the global configuration is saved the next time.
Пакеты
org.jenkins-ci.plugins:artifactory
< 3.6.0
3.6.0
Связанные уязвимости
Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Уязвимость компонента org.jfrog.hudson.ArtifactoryBuilder.xml плагина Jenkins Artifactory Plugin, позволяющая нарушителю получить учетные данные