[JENKINS:SECURITY-1038] OSF Builder Suite For Salesforce Commerce Cloud :: Deploy Plugin stored password in plain text
Severity
Low
Affected Packages
2
Fixed Packages
2
OSF Builder Suite For Salesforce Commerce Cloud : : Deploy Plugin stored the HTTP proxy username and password in its configuration unencrypted in its global configuration file on the Jenkins controller.
This password could be viewed by users with access to the Jenkins controller file system.
The plugin now integrates with plugin:credentials[Credentials Plugin] to store the HTTP proxy credentials.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/osf-builder-suite-for-sfcc-deploy | <= 1.0.10 |
pkg:github/jenkinsci/osf-builder-suite-for-sfcc-deploy-plugin | <= 1.0.10 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/osf-builder-suite-for-sfcc-deploy | = 1.0.11 |
pkg:github/jenkinsci/osf-builder-suite-for-sfcc-deploy-plugin | = 1.0.11 |
- ID
- JENKINS:SECURITY-1038
- Severity
- low
- Published
-
2019-03-06T00:00:00
(5 years ago) - Modified
-
2019-03-06T00:00:00
(5 years ago) - Rights
- Jenkins Security Team
Source | # ID | Name | URL |
---|---|---|---|
Plugin repository | osf-builder-suite-for-sfcc-deploy repository | https://github.com/jenkinsci/osf-builder-suite-for-sfcc-deploy-plugin |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/osf-builder-suite-for-sfcc-deploy | org.jenkins-ci.plugins | osf-builder-suite-for-sfcc-deploy | <= 1.0.10 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/osf-builder-suite-for-sfcc-deploy | org.jenkins-ci.plugins | osf-builder-suite-for-sfcc-deploy | = 1.0.11 | |||
Affected | pkg:github/jenkinsci/osf-builder-suite-for-sfcc-deploy-plugin | jenkinsci | osf-builder-suite-for-sfcc-deploy-plugin | <= 1.0.10 | |||
Fixed | pkg:github/jenkinsci/osf-builder-suite-for-sfcc-deploy-plugin | jenkinsci | osf-builder-suite-for-sfcc-deploy-plugin | = 1.0.11 |