Описание
Credentials transmitted in plain text by Jenkins DeployHub Plugin
DeployHub Plugin stores credentials in job config.xml files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users with Extended Read permission.
Пакеты
Наименование
com.openmake:deployhub
maven
Затронутые версииВерсия исправления
<= 8.0.14
Отсутствует
Связанные уязвимости
CVSS3: 4.3
nvd
почти 6 лет назад
Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.