GHSA-hx3r-qwxv-5jw9

Опубликовано: 16 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.3

Описание

Client Secret stored in plain text by Jenkins GitLab Authentication Plugin

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

This client secret can be viewed by users with access to the Jenkins controller file system.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:gitlab-oauth

maven

Затронутые версииВерсия исправления

< 1.14

1.14

EPSS

Процентиль: 64%

0.00468

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-27206

Дефекты

CWE-311

CWE-522

Связанные уязвимости

CVE-2022-27206

CVSS3: 6.5

nvd

почти 4 года назад

Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

EPSS

Процентиль: 64%

0.00468

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2022-27206

Дефекты

CWE-311

CWE-522