Lucene search
GoogleOSV:GHSA-3P8R-P4Q5-MC44HistoryMay 24, 2022 - 4:56 p.m.
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
2022-05-2416:56:46
Google
osv.dev
7
gitlab plugin
api tokens
unencrypted
configuration files
encrypted
credentials
jenkins controller
EPSS
0.001
Percentile
28.4%
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Violation Comments to GitLab Plugin now stores these credentials encrypted. Existing jobs need to have their configuration saved for existing plain text credentials to be overwritten.
Related
cvelist
cvelist
CVE-2019-10416
2019-09-25 15:05:33
cve
cve
CVE-2019-10416
2019-09-25 16:15:11
github
github
Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
2022-05-24 16:56:46
prion
prion
Design/Logic Flaw
2019-09-25 16:15:00
osv
osv
CVE-2019-10416
2019-09-25 16:15:11
nvd
nvd
CVE-2019-10416
2019-09-25 16:15:11