Описание
Fortify Plugin stored credentials in plain text
Fortify Plugin 19.1.29 and earlier stored its proxy server password unencrypted in job config.xml files. This password could be read by users with the Extended Read permission.
Fortify Plugin 19.2.30 now encrypts the proxy server password.
Пакеты
Наименование
org.jenkins-ci.plugins:fortify
maven
Затронутые версииВерсия исправления
<= 19.1.29
19.2.30
Связанные уязвимости
CVSS3: 4.3
nvd
около 6 лет назад
Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.