GHSA-wphq-j78p-fhgp

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 3.3

Описание

Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin

Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to the Jenkins controller file system.

Parameterized Remote Trigger Plugin 3.1.4 stores the secret encrypted once its configuration is saved again.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:Parameterized-Remote-Trigger

maven

Затронутые версииВерсия исправления

<= 3.1.3

3.1.4

EPSS

Процентиль: 15%

0.00048

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2020-2239

Дефекты

CWE-256

CWE-311

Связанные уязвимости

CVE-2020-2239

CVSS3: 4.3

nvd

больше 5 лет назад

Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.

EPSS

Процентиль: 15%

0.00048

Низкий

3.3 Low

CVSS3

CVE ID

CVE-2020-2239

Дефекты

CWE-256

CWE-311