GHSA-c4fr-gx5w-8qf2

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

CVSS4: 5.1

Описание

Jenkins Subversion Plugin Stores Credentials with Base64 Encoding

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:subversion

maven

Затронутые версииВерсия исправления

< 1.54

1.54

EPSS

Процентиль: 19%

0.00061

Низкий

5.1 Medium

CVSS4

CVE ID

CVE-2013-6372

Дефекты

CWE-326

Связанные уязвимости

CVE-2013-6372

ubuntu

больше 11 лет назад

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

CVE-2013-6372

redhat

около 12 лет назад

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

CVE-2013-6372

nvd

больше 11 лет назад

The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.

CVE-2013-6372

debian

больше 11 лет назад

The Subversion plugin before 1.54 for Jenkins stores credentials using ...

EPSS

Процентиль: 19%

0.00061

Низкий

5.1 Medium

CVSS4

CVE ID

CVE-2013-6372

Дефекты

CWE-326