Описание
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Jenkins Maven Release Plug-in Plugin stored credentials unencrypted in its global configuration file org.jvnet.hudson.plugins.m2release.M2ReleaseBuildWrapper.xml on the Jenkins controller. These credentials could be viewed by users with access to the Jenkins controller file system.
Maven Release Plug-in Plugin now stores credentials encrypted.
Пакеты
Наименование
org.jenkins-ci.plugins.m2release:m2release
maven
Затронутые версииВерсия исправления
<= 0.14.0
0.15.0
Связанные уязвимости
CVSS3: 5.5
nvd
больше 6 лет назад
Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.