Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Credentials stored in plain text by Jenkins Copr Plugin
Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml
files as part of its configuration. These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
Copr Plugin 0.6.1 stores these credentials encrypted. This change is effective once the job configuration is saved the next time.
Permalink: https://github.com/advisories/GHSA-4wx5-c723-xvwvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 4 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-4wx5-c723-xvwv, CVE-2020-2177
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2177
- https://jenkins.io/security/advisory/2020-04-16/#SECURITY-1556
- http://www.openwall.com/lists/oss-security/2020/04/16/4
- https://github.com/advisories/GHSA-4wx5-c723-xvwv
Affected Packages
maven:org.fedoraproject.jenkins.plugins:copr
Versions: <= 0.3Fixed in: 0.6.1