1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-1514

[JENKINS:SECURITY-1514] `inedo-proget` showed plain text password in configuration form

Severity Low
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

inedo-proget stores a service password in its global Jenkins configuration.

While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form.
This could result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.

inedo-proget now encrypts the password transmitted to administrators viewing the global configuration form.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/inedo-proget <= 1.2
pkg:github/jenkinsci/inedo-proget-plugin <= 1.2
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/inedo-proget = 1.3
pkg:github/jenkinsci/inedo-proget-plugin = 1.3
ID
JENKINS:SECURITY-1514
Severity
low
Published
2019-09-25T00:00:00
(5 years ago)
Modified
2019-09-25T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository inedo-proget repository https://github.com/jenkinsci/inedo-proget-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/inedo-proget org.jenkins-ci.plugins inedo-proget <= 1.2
Fixed pkg:maven/org.jenkins-ci.plugins/inedo-proget org.jenkins-ci.plugins inedo-proget = 1.3
Affected pkg:github/jenkinsci/inedo-proget-plugin jenkinsci inedo-proget-plugin <= 1.2
Fixed pkg:github/jenkinsci/inedo-proget-plugin jenkinsci inedo-proget-plugin = 1.3
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date