Описание
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.13 (включая)
cpe:2.3:a:jenkins:consul_kv_builder:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-312
CWE-312
Связанные уязвимости
CVSS3: 4.3
github
почти 3 года назад
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
EPSS
Процентиль: 19%
0.0006
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-312
CWE-312