Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00cTQ3LXBoODctZnE0Zs4AAkDS
Passwords stored in plain text by Jenkins Artifactory Plugin
Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password in plain text in the global configuration file org.jfrog.hudson.ArtifactoryBuilder.xml. This password can be viewed by users with access to the Jenkins controller file system.
Artifactory Plugin 3.6.0 now stores the Artifactory server password encrypted. This change is effective once the global configuration is saved the next time.
Permalink: https://github.com/advisories/GHSA-4q47-ph87-fq4fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00cTQ3LXBoODctZnE0Zs4AAkDS
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-4q47-ph87-fq4f, CVE-2020-2164
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2164
- https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(1)
- http://www.openwall.com/lists/oss-security/2020/03/25/2
- https://github.com/advisories/GHSA-4q47-ph87-fq4f
Affected Packages
maven:org.jenkins-ci.plugins:artifactory
Affected Version Ranges: < 3.6.0Fixed in: 3.6.0