PT-2017-10817 · Jenkins · Credentials Plugin+2
Jesse Glick
·
Publicado
2017-10-04
·
Atualizado
2022-05-14
·
CVE-2017-1000113
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Deploy to container Plugin (affected versions not specified)
Description
The issue concerns the storage of passwords in the Deploy to container Plugin. Previously, passwords were stored unencrypted as part of the plugin's configuration, allowing users with local file system access to the Jenkins master or Extended Read access to the jobs to retrieve these passwords. The plugin now integrates with the Credentials Plugin to securely store passwords and automatically migrates existing passwords.
Recommendations
For the Deploy to container Plugin, update the plugin to integrate with the Credentials Plugin to securely store passwords.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Credentials Plugin
Deploy To Container Plugin
Jenkins