[JENKINS:SECURITY-1065] Dimensions Plugin stored credentials in plain text
Severity
Medium
Affected Packages
2
Fixed Packages
2
Dimensions Plugin stored a password unencrypted in its global configuration file on the Jenkins controller.
This password could be viewed by users with access to the Jenkins controller file system.
The plugin now stores the password encrypted in the configuration files on disk and no longer transfers it to users viewing the configuration form in plain text.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/dimensionsscm | <= 0.8.14 |
pkg:github/jenkinsci/dimensionsscm-plugin | <= 0.8.14 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/dimensionsscm | = 0.8.15 |
pkg:github/jenkinsci/dimensionsscm-plugin | = 0.8.15 |
- ID
- JENKINS:SECURITY-1065
- Severity
- medium
- Published
-
2018-09-25T00:00:00
(6 years ago) - Modified
-
2018-09-25T00:00:00
(6 years ago) - Rights
- Jenkins Security Team
Source | # ID | Name | URL |
---|---|---|---|
Plugin repository | dimensionsscm repository | https://github.com/jenkinsci/dimensionsscm-plugin |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/dimensionsscm | org.jenkins-ci.plugins | dimensionsscm | <= 0.8.14 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/dimensionsscm | org.jenkins-ci.plugins | dimensionsscm | = 0.8.15 | |||
Affected | pkg:github/jenkinsci/dimensionsscm-plugin | jenkinsci | dimensionsscm-plugin | <= 0.8.14 | |||
Fixed | pkg:github/jenkinsci/dimensionsscm-plugin | jenkinsci | dimensionsscm-plugin | = 0.8.15 |