Lucene search
GoogleOSV:GHSA-3FRC-879C-J9H5HistoryMay 24, 2022 - 4:50 p.m.
Jenkins Caliper CI Plugin stores credentials in plain text
2022-05-2416:50:05
Google
osv.dev
5
Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
As of publication of this advisory, there is no fix.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.brianfromoregon:caliper-ci | eq | 2.3 | |
| com.brianfromoregon:caliper-ci | eq | 2.1 | |
| com.brianfromoregon:caliper-ci | eq | 2.2 |
Related
prion
prion
Design/Logic Flaw
2019-07-11 14:15:00
cvelist
cvelist
CVE-2019-10351
2019-07-11 13:55:17
nvd
nvd
CVE-2019-10351
2019-07-11 14:15:11
cve
cve
CVE-2019-10351
2019-07-11 14:15:11
zdi
zdi
github
github
Jenkins Caliper CI Plugin stores credentials in plain text
2022-05-24 16:50:05