11 matches found
GHSA-QJ7P-9HGF-X8J7 Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Passwords stored in plain text by Harvest SCM Plugin
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Passwords stored in plain text by Harvest SCM Plugin
Harvest SCM Plugin 0.5.1 and earlier stores SCM passwords unencrypted in its global configuration file hudson.plugins.harvest.HarvestSCM.xml and in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission job config.xml only or access ...
CVE-2020-2131
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2130
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
CVE-2020-2130
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system...
Design/Logic Flaw
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2020-2130
CVE-2020-2130 concerns the Jenkins Harvest SCM Plugin (versions ≤ 0.5.1), where passwords are stored unencrypted in the Jenkins master configuration. The vulnerability, documented across multiple sources (GHSA and OSV/NVD records), states that credentials are kept in plaintext in the global confi...
CVE-2020-2131
The CVE-2020-2131 issue affects Jenkins Harvest SCM Plugin versions 0.5.1 and earlier, where passwords are stored unencrypted in the job config.xml on the Jenkins master. This enables exposure to users with Extended Read permission or anyone with master filesystem access. The connected advisories...
CVE-2020-2131
Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2020-15339 · Jenkins · Jenkins Harvest Scm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Harvest SCM Plugin versions 0.5.1 and earlier Description: The issue concerns the storage of passwords in an unencrypted manner within the global configuration file on the Jenkins master. This allows users with access to the master fi...