Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zcTZwLXI2cnItMjY2eM4AATX4
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.
Permalink: https://github.com/advisories/GHSA-3q6p-r6rr-266x
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zcTZwLXI2cnItMjY2eM4AATX4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-3q6p-r6rr-266x, CVE-2017-1000113
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000113
- https://jenkins.io/security/advisory/2017-08-07/
- https://github.com/advisories/GHSA-3q6p-r6rr-266x
Affected Packages
maven:org.jenkins-ci.plugins:deploy
Affected Version Ranges: <= 1.12
Fixed in: 1.13