An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jZ2hnLWpjdjYtNHY1bc4AASj5

Jenkins Coverity Plugin has Insufficiently Protected Credentials

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords. The Coverity Plugin 1.11.0 integrates with Credentials Plugin to store passwords, and automatically migrates existing passwords.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: 10 months ago

CVSS Score: 2.7
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-cghg-jcv6-4v5m, CVE-2018-1000104

Affected Packages

Versions: <= 1.10.0
Fixed in: 1.11.0