Описание
An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.0 (включая)
cpe:2.3:a:atlassian:crowd2:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 14%
0.00046
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Jenkins Crowd 2 Integration Plugin stored credentials in plain text
EPSS
Процентиль: 14%
0.00046
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522