Описание
Stored credentials unencrypted in Jenkins Mashup Portlets Plugin
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-10347
- https://github.com/jenkinsci/mashup-portlets-plugin/commit/05eb9bfd5c758c8c477ce6bd4315fd65d83e9a0a
- https://jenkins.io/security/advisory/2019-07-11/#SECURITY-775
- http://www.openwall.com/lists/oss-security/2019/07/11/4
- http://www.securityfocus.com/bid/109156
Пакеты
Наименование
javagh.jenkins:mashup-portlets-plugin
maven
Затронутые версииВерсия исправления
<= 1.0.9
1.1.0
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.