Описание
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Пакеты
Наименование
org.jenkins-ci.plugins:collabnet
maven
Затронутые версииВерсия исправления
< 2.0.9
2.0.9
Связанные уязвимости
CVSS3: 6.5
nvd
больше 3 лет назад
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.