Jenkins Repository Connector Plugin has insufficiently protected credentials

2022-05-1301:15:07

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Jenkins Repository Connector Plugin stored the username and password in its configuration unencrypted in its global configuration file on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.

The plugin now stores the password encrypted in the configuration files on disk and no longer transfers it to users viewing the configuration form in plain text.

CPENameOperatorVersion
org.jenkins-ci.plugins:repository-connectoreq1.2.4
org.jenkins-ci.plugins:repository-connectoreq1.1.1
org.jenkins-ci.plugins:repository-connectoreq1.2.3
org.jenkins-ci.plugins:repository-connectoreq1.1.0
org.jenkins-ci.plugins:repository-connectoreq1.0.1
org.jenkins-ci.plugins:repository-connectoreq1.1.3
org.jenkins-ci.plugins:repository-connectoreq1.0.0
org.jenkins-ci.plugins:repository-connectoreq1.1.2

Name	Operator	Version
org.jenkins-ci.plugins:repository-connector	eq	1.2.4
org.jenkins-ci.plugins:repository-connector	eq	1.1.1
org.jenkins-ci.plugins:repository-connector	eq	1.2.3
org.jenkins-ci.plugins:repository-connector	eq	1.1.0
org.jenkins-ci.plugins:repository-connector	eq	1.0.1
org.jenkins-ci.plugins:repository-connector	eq	1.1.3
org.jenkins-ci.plugins:repository-connector	eq	1.0.0
org.jenkins-ci.plugins:repository-connector	eq	1.1.2