
GHSA-5jc5-m87x-88fj

Published: 26 Jul 2023
Source: github
GitHub: Reviewed
CVSS3: 3.1

Description

Secret displayed without masking by Chef Identity Plugin

Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration.

While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.

Packages

Name: org.jenkins-ci.plugins:chef-identity
Ecosystem: maven
Affected versions: <= 2.0.3
Fixed version: None

EPSS

Percentile: 24%
Score: 0.0008 (Low)

CVSS3: 3.1 Low

Weaknesses

CWE-200
CWE-668

Related vulnerabilities

CVSS3: 5.3
nvd
more than 2 years ago

Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
