An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Credentials stored in plain text by Jenkins Copr Plugin
Copr Plugin 0.3 and earlier stores credentials unencrypted in job
config.xml files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
Copr Plugin 0.6.1 stores these credentials encrypted. This change is effective once the job configuration is saved the next time.Permalink: https://github.com/advisories/GHSA-4wx5-c723-xvwv
Source: GitHub Advisory Database
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-4wx5-c723-xvwv, CVE-2020-2177
maven:org.fedoraproject.jenkins.plugins:coprVersions: <= 0.3
Fixed in: 0.6.1