Описание
Credentials transmitted in plain text by Backlog Plugin
Backlog Plugin stores credentials in job config.xml files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Backlog Plugin 2.4 and earlier. These credentials could be viewed by users with Extended Read permission.
Пакеты
Наименование
org.jenkins-ci.plugins:backlog
maven
Затронутые версииВерсия исправления
< 2.5
2.5
Связанные уязвимости
CVSS3: 4.3
nvd
почти 6 лет назад
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.