Lucene search
PRIOn knowledge basePRION:CVE-2017-1000387HistoryJan 26, 2018 - 2:29 a.m.
Cross site scripting
2018-01-2602:29:00
PRIOn knowledge base
www.prio-n.com
3
Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| build-publisher | le | 1.21 |
Related
osv
osv
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials
2022-05-13 01:41:14
CVE-2017-1000387
2018-01-26 02:29:00
cvelist
cvelist
CVE-2017-1000387
2018-01-26 02:00:00
cve
cve
CVE-2017-1000387
2018-01-26 02:29:00
nvd
nvd
CVE-2017-1000387
2018-01-26 02:29:00
veracode
veracode
Unencrypted Password Store
2018-01-29 00:18:19
github
github
Jenkins Build-Publisher plugin has Insufficiently Protected Credentials
2022-05-13 01:41:14