Описание
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Git Changelog Plugin stored MediaWiki and Jira passwords unencrypted in job config.xml files on the Jenkins controller. These passwords could be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Git Changelog Plugin now stores these passwords encrypted. Existing jobs need to have their configuration saved for existing plain text passwords to be overwritten.
Пакеты
Наименование
de.wellnerbou.jenkins:git-changelog
maven
Затронутые версииВерсия исправления
< 2.18
2.18
Связанные уязвимости
CVSS3: 6.5
nvd
больше 6 лет назад
Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.