Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin

2022-05-2416:46:09

Google

osv.dev

0.003 Low

EPSS

Percentile

65.1%

JSON

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

CPENameOperatorVersion
org.jenkins-ci.plugins:credentialseq1.2
org.jenkins-ci.plugins:credentialseq1.7.5
org.jenkins-ci.plugins:credentialseq2.1.0
org.jenkins-ci.plugins:credentialseq1.26
org.jenkins-ci.plugins:credentialseq2.1.8
org.jenkins-ci.plugins:credentialseq1.8
org.jenkins-ci.plugins:credentialseq1.16.1
org.jenkins-ci.plugins:credentialseq1.8.4
org.jenkins-ci.plugins:credentialseq2.1.16
org.jenkins-ci.plugins:credentialseq2.1.17

Name	Operator	Version
org.jenkins-ci.plugins:credentials	eq	1.2
org.jenkins-ci.plugins:credentials	eq	1.7.5
org.jenkins-ci.plugins:credentials	eq	2.1.0
org.jenkins-ci.plugins:credentials	eq	1.26
org.jenkins-ci.plugins:credentials	eq	2.1.8
org.jenkins-ci.plugins:credentials	eq	1.8
org.jenkins-ci.plugins:credentials	eq	1.16.1
org.jenkins-ci.plugins:credentials	eq	1.8.4
org.jenkins-ci.plugins:credentials	eq	2.1.16
org.jenkins-ci.plugins:credentials	eq	2.1.17