GHSA-q2wv-m3pq-xpv9

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.1

Описание

Credentials transmitted in plain text by Skytap Cloud CI Plugin

Skytap Cloud CI Plugin stores credentials in job config.xml files as part of its configuration.

While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by Skytap Cloud CI Plugin 2.07 and earlier. These credentials could be viewed by users with Extended Read permission.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:skytap

maven

Затронутые версииВерсия исправления

<= 2.07

Отсутствует

EPSS

Процентиль: 6%

0.00024

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2020-2157

Дефекты

CWE-319

Связанные уязвимости

CVE-2020-2157

CVSS3: 4.3

nvd

почти 6 лет назад

Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.

EPSS

Процентиль: 6%

0.00024

Низкий

3.1 Low

CVSS3

CVE ID

CVE-2020-2157

Дефекты

CWE-319