Stored credentials unencrypted in Jenkins Mashup Portlets Plugin

2022-05-2416:50:03

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

Jenkins Mashup Portlets Plugin stored credentials unencrypted on the Jenkins master where they can be viewed by users with access to the master file system.

CPENameOperatorVersion
javagh.jenkins:mashup-portlets-plugineq1.0.8
javagh.jenkins:mashup-portlets-plugineq1.0.2
javagh.jenkins:mashup-portlets-plugineq1.0.4
javagh.jenkins:mashup-portlets-plugineq1.0.1
javagh.jenkins:mashup-portlets-plugineq1.0.9
javagh.jenkins:mashup-portlets-plugineq1.0.7
javagh.jenkins:mashup-portlets-plugineq1.0.5
javagh.jenkins:mashup-portlets-plugineq1.0.0
javagh.jenkins:mashup-portlets-plugineq0.9
javagh.jenkins:mashup-portlets-plugineq0.9.1

Name	Operator	Version
javagh.jenkins:mashup-portlets-plugin	eq	1.0.8
javagh.jenkins:mashup-portlets-plugin	eq	1.0.2
javagh.jenkins:mashup-portlets-plugin	eq	1.0.4
javagh.jenkins:mashup-portlets-plugin	eq	1.0.1
javagh.jenkins:mashup-portlets-plugin	eq	1.0.9
javagh.jenkins:mashup-portlets-plugin	eq	1.0.7
javagh.jenkins:mashup-portlets-plugin	eq	1.0.5
javagh.jenkins:mashup-portlets-plugin	eq	1.0.0
javagh.jenkins:mashup-portlets-plugin	eq	0.9
javagh.jenkins:mashup-portlets-plugin	eq	0.9.1