PT-2018-9283 · Jenkins · Jenkins Coverity Plugin+1

Steve Marlowe

Publicado

2018-03-13

Atualizado

2022-05-13

CVE-2018-1000104

CVSS v3.1

2.7

Baixa

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.10.0 and earlier

Description: A plaintext storage of a password issue exists in CIMInstance.java, allowing an attacker with local file system access or control of a Jenkins administrator's web browser to retrieve the configured keystore and private key passwords.

Recommendations: For Jenkins Coverity Plugin versions 1.10.0 and earlier, update to version 1.11.0, which integrates with Credentials Plugin to securely store passwords and automatically migrates existing passwords.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2018-1000104

GHSA-CGHG-JCV6-4V5M

Produtos afetados

Jenkins

Jenkins Coverity Plugin

PT-2018-9283 · Jenkins · Jenkins Coverity Plugin+1

CVE-2018-1000104

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6