Lucene search
GoogleOSV:GHSA-WCHH-WVPX-PF47HistoryMay 13, 2022 - 1:17 a.m.
Jenkins Upload to pgyer Plugin stores credentials in plain text
2022-05-1301:17:42
Google
osv.dev
4
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
www.openwall.com/lists/oss-security/2019/04/12/2
www.securityfocus.com/bid/107790
github.com/jenkinsci/upload-pgyer-plugin
github.com/jenkinsci/upload-pgyer-plugin/commit/af4e89754c31a0d71b98d3f360088e8dae36a313
jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
nvd.nist.gov/vuln/detail/CVE-2019-1003089
Related
prion
prion
Information disclosure
2019-04-04 16:29:00
cve
cve
CVE-2019-1003089
2019-04-04 16:29:01
osv
osv
CVE-2019-1003089
2019-04-04 16:29:01
nvd
nvd
CVE-2019-1003089
2019-04-04 16:29:01
cvelist
cvelist
CVE-2019-1003089
2019-04-04 15:38:49
github
github
Jenkins Upload to pgyer Plugin stores credentials in plain text
2022-05-13 01:17:42