Code injection

2019-12-1715:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.9%

JSON

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs’ configurations.

CPENameOperatorVersion
sctmexecutorle2.2

CPE	Name	Operator	Version
	sctmexecutor	le	2.2

References

www.openwall.com/lists/oss-security/2019/12/17/1

jenkins.io/security/advisory/2019-12-17/