[JENKINS:SECURITY-1065] Dimensions Plugin stored credentials in plain text

Severity Medium
Affected Packages 2
Fixed Packages 2

Dimensions Plugin stored a password unencrypted in its global configuration file on the Jenkins controller.
This password could be viewed by users with access to the Jenkins controller file system.

The plugin now stores the password encrypted in the configuration files on disk and no longer transfers it in plain text to users viewing the configuration form.

ID: JENKINS:SECURITY-1065
Severity: medium
Published: 2018-09-25T00:00:00
Modified: 2018-09-25T00:00:00
Rights: Jenkins Security Team
Source # ID Name URL
Plugin repository dimensionsscm repository https://github.com/jenkinsci/dimensionsscm-plugin
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/dimensionsscm | org.jenkins-ci.plugins | dimensionsscm | <= 0.8.14 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/dimensionsscm | org.jenkins-ci.plugins | dimensionsscm | = 0.8.15 | | | |
| Affected | pkg:github/jenkinsci/dimensionsscm-plugin | jenkinsci | dimensionsscm-plugin | <= 0.8.14 | | | |
| Fixed | pkg:github/jenkinsci/dimensionsscm-plugin | jenkinsci | dimensionsscm-plugin | = 0.8.15 | | | |