GHSA-XJRR-5JPV-V6MW Jenkins CloudFormation Plugin stores credentials in plain text

Jenkins CloudFormation Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. A fix was released for this issue...

CloudBees Jenkins jenkins-cloudformation-plugin Plugin Trust Management Issue Vulnerability

CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . jenkins-cloudformation-plugin Plugin is used in o...

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-1003061

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-1003061

CVE-2019-1003061 affects the Jenkins ecosystem via the jenkins-cloudformation-plugin, which stores credentials unencrypted in job config.xml files on the Jenkins master/controller. The root cause described across multiple connected records is that credentials are kept in plain text, enabling view...

PT-2019-11351 · Jenkins · Jenkins-Cloudformation-Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins jenkins-cloudformation-plugin Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. These credentials ca...