Описание
Jenkins aws-device-farm Plugin stores credentials in plain text
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsdevicefarm.AWSDeviceFarmRecorder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
org.jenkins-ci.plugins:aws-device-farm
maven
Затронутые версииВерсия исправления
< 1.26
1.26
Связанные уязвимости
CVSS3: 8.8
nvd
почти 7 лет назад
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.