Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
DeployHub Plugin stores credentials in job config.xml files as part of its configuration.
While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users with Extended Read permission.
Permalink: https://github.com/advisories/GHSA-hm57-4qpx-f734JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 3.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Identifiers: GHSA-hm57-4qpx-f734, CVE-2020-2156
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-2156
- https://jenkins.io/security/advisory/2020-03-09/#SECURITY-1511
- http://www.openwall.com/lists/oss-security/2020/03/09/1
- https://github.com/advisories/GHSA-hm57-4qpx-f734
Affected Packages
maven:com.openmake:deployhub
Affected Version Ranges: <= 8.0.14No known fixed version