Описание
Credentials stored in plain text by debian-package-builder Plugin
debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
maven
Затронутые версииВерсия исправления
<= 1.6.11
Отсутствует
Связанные уязвимости
CVSS3: 4.3
nvd
почти 6 лет назад
Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.