Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Jenkins Repository Connector Plugin has insufficiently protected credentials
Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.
The plugin now stores the password encrypted in the configuration files on disk and no longer transfers it to users viewing the configuration form in plain text.
Permalink: https://github.com/advisories/GHSA-99jc-v8pq-6qm4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 6 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-99jc-v8pq-6qm4, CVE-2019-1003038
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003038
- https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958
- https://web.archive.org/web/20200227084009/http://www.securityfocus.com/bid/107476
- https://github.com/advisories/GHSA-99jc-v8pq-6qm4
Affected Packages
maven:org.jenkins-ci.plugins:repository-connector
Affected Version Ranges: <= 1.2.4Fixed in: 1.2.5