Jenkins crittercism-dsym Plugin stores API key in plain text

Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

CVE-2019-10295

Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10295

The CVE refers to the Jenkins crittercism-dsym Plugin storing credentials unencrypted in job config.xml on the Jenkins master/controller. The root cause is credential data kept in plaintext within config.xml, making it viewable by users with Extended Read permission or with access to the master/c...

CVE-2019-10295

Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVE-2019-10295

Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

PT-2019-11697 · Jenkins +1 · Jenkins Crittercism-Dsym Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins crittercism-dsym Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...