Описание
Plaintext storage in Jenkins instant-messaging Plugin
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
org.jvnet.hudson.plugins:instant-messaging
maven
Затронутые версииВерсия исправления
< 1.42
1.42
Связанные уязвимости
CVSS3: 6.5
nvd
почти 4 года назад
Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.