Описание
A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:jenkins:configuration_as_code:0.1:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.2:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.3:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.4:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.5:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.6:alpha:*:*:*:jenkins:*:*
cpe:2.3:a:jenkins:configuration_as_code:0.7:alpha:*:*:*:jenkins:*:*
EPSS
Процентиль: 16%
0.00051
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
EPSS
Процентиль: 16%
0.00051
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-522