2 matches found
Secret displayed without masking by Chef Identity Plugin
Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration. While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form do...
PT-2023-26812 · Jenkins · Jenkins Chef Identity Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Chef Identity Plugin versions 2.0.3 and earlier Description: The issue concerns the Jenkins Chef Identity Plugin, where the user.pem key form field is not masked in versions 2.0.3 and earlier. This increases the potential for attacker...