Plaintext Storage of a Password in Jenkins Configuration as Code Plugin

2022-05-2416:51:50

Google

osv.dev

0.0004 Low

EPSS

Percentile

12.7%

JSON

Jenkins Configuration as Code Plugin prior to version 1.25 did not treat the proxy password as a secret to be masked when logging or encrypted for export.

CPENameOperatorVersion
io.jenkins:configuration-as-codeeq1.17
io.jenkins:configuration-as-codeeq1.21
io.jenkins:configuration-as-codeeq1.0-rc3
io.jenkins:configuration-as-codeeq1.9
io.jenkins:configuration-as-codeeq1.2
io.jenkins:configuration-as-codeeq1.0-rc2
io.jenkins:configuration-as-codeeq0.10-alpha
io.jenkins:configuration-as-codeeq1.8
io.jenkins:configuration-as-codeeq1.12
io.jenkins:configuration-as-codeeq1.19

Name	Operator	Version
io.jenkins:configuration-as-code	eq	1.17
io.jenkins:configuration-as-code	eq	1.21
io.jenkins:configuration-as-code	eq	1.0-rc3
io.jenkins:configuration-as-code	eq	1.9
io.jenkins:configuration-as-code	eq	1.2
io.jenkins:configuration-as-code	eq	1.0-rc2
io.jenkins:configuration-as-code	eq	0.10-alpha
io.jenkins:configuration-as-code	eq	1.8
io.jenkins:configuration-as-code	eq	1.12
io.jenkins:configuration-as-code	eq	1.19