An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv

Credentials stored in plain text by Jenkins Copr Plugin

Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

Copr Plugin 0.6.1 stores these credentials encrypted. This change is effective once the job configuration is saved the next time.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 10 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-4wx5-c723-xvwv, CVE-2020-2177

Affected Packages

Versions: <= 0.3
Fixed in: 0.6.1