CloudBees Jenkins Crowd 2 Integration Plugin Storing Credentials in Plain Text Format Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. It is mainly used to monitor continuous software version release/testing projects and some timed tasks.Crowd 2 Integration Plugin is used in which a Authentication Plugin. A...

CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings...

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...

CVE-2018-1000423

The CVE-2018-1000423 entry concerns Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier, where credentials used to connect to Crowd 2 are stored in the plugin and can be accessed if an attacker has local filesystem access. The affected components are CrowdSecurityRealm.java and CrowdConfiguratio...

CVE-2018-1000422

CVE-2018-1000422 affects Jenkins Crowd 2 Integration Plugin up to version 2.0.0. The vulnerability resides in CrowdSecurityRealm.java and enables an attacker to cause Jenkins to perform a connection test to an attacker‑specified server using attacker‑specified credentials and connection settings....

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2...