Jenkins Crowd 2 Integration Plugin stored credentials in plain text

2022-05-1301:18:46

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.

CPENameOperatorVersion
org.jenkins-ci.plugins:crowd2eq1.2
org.jenkins-ci.plugins:crowd2eq1.7
org.jenkins-ci.plugins:crowd2eq2.0.0-beta3
org.jenkins-ci.plugins:crowd2eq1.4
org.jenkins-ci.plugins:crowd2eq1.8
org.jenkins-ci.plugins:crowd2eq2.0.0-beta2
org.jenkins-ci.plugins:crowd2eq2.0.0
org.jenkins-ci.plugins:crowd2eq2.0.0-beta1
org.jenkins-ci.plugins:crowd2eq1.0
org.jenkins-ci.plugins:crowd2eq1.3

Name	Operator	Version
org.jenkins-ci.plugins:crowd2	eq	1.2
org.jenkins-ci.plugins:crowd2	eq	1.7
org.jenkins-ci.plugins:crowd2	eq	2.0.0-beta3
org.jenkins-ci.plugins:crowd2	eq	1.4
org.jenkins-ci.plugins:crowd2	eq	1.8
org.jenkins-ci.plugins:crowd2	eq	2.0.0-beta2
org.jenkins-ci.plugins:crowd2	eq	2.0.0
org.jenkins-ci.plugins:crowd2	eq	2.0.0-beta1
org.jenkins-ci.plugins:crowd2	eq	1.0
org.jenkins-ci.plugins:crowd2	eq	1.3