Описание
Jenkins Gogs Plugin stored credentials in plain text
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Gogs Plugin now stores credentials encrypted.
Пакеты
Наименование
org.jenkins-ci.plugins:gogs-webhook
maven
Затронутые версииВерсия исправления
<= 1.0.14
1.0.15
Связанные уязвимости
CVSS3: 8.8
nvd
больше 6 лет назад
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.