[JENKINS:SECURITY-1556] Credentials stored in plain text by `copr`

Severity: Medium
Affected Packages: 2
Fixed Packages: 2
CVEs: 1

copr 0.3 and earlier stores credentials unencrypted in job config.xml files as part of its configuration.
These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.

copr 0.6.1 stores these credentials encrypted.
This change takes effect the next time the job configuration is saved.
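
Because the fix only applies once a job is saved again, jobs configured under an affected version can keep plaintext values on disk after the upgrade. The audit sketch below is an added example, not code from the advisory or the plugin. The class and field names in the sample XML and the field-name hints are assumptions; it relies on Jenkins tagging plugin-owned elements with `plugin="copr@<version>"` and writing encrypted secrets as brace-wrapped Base64.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Jenkins serializes an encrypted hudson.util.Secret as Base64 wrapped in braces.
SECRET_FORMAT = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: credential-bearing fields have one of these words in their tag name.
FIELD_HINT = re.compile(r"token|login|password|secret", re.IGNORECASE)
# Jenkins may write an XML 1.1 declaration, which expat can reject; drop it first.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

# Constructed samples; the class and field names are hypothetical.
SAMPLE_OLD = """<?xml version='1.1' encoding='UTF-8'?>
<project><builders>
  <example.CoprBuilder plugin="copr@0.3">
    <apilogin>constructed-login</apilogin>
    <apitoken>constructed-token</apitoken>
    <coprname>demo</coprname>
  </example.CoprBuilder></builders></project>"""
SAMPLE_RESAVED = SAMPLE_OLD.replace("copr@0.3", "copr@0.6.1").replace(
    "constructed-login", "{AQAAABAAAAAQY29uc3RydWN0ZWQx}").replace(
    "constructed-token", "{AQAAABAAAAAQY29uc3RydWN0ZWQy}")

def copr_credential_fields(config_xml):
    """Return (plugin, field, encrypted) for each credential-like copr field."""
    findings = []
    root = ET.fromstring(XML_DECL.sub("", config_xml, count=1))
    for elem in root.iter():
        plugin = elem.get("plugin", "")
        if not plugin.startswith("copr@"):
            continue
        for leaf in elem.iter():
            value = (leaf.text or "").strip()
            if len(leaf) == 0 and value and FIELD_HINT.search(leaf.tag):
                findings.append((plugin, leaf.tag, bool(SECRET_FORMAT.match(value))))
    return findings

def needs_resave(config_xml):
    """True when any copr credential-like field is still stored unencrypted."""
    return any(not enc for _, _, enc in copr_credential_fields(config_xml))

if __name__ == "__main__":
    for path in Path(sys.argv[1]).rglob("config.xml"):  # argv[1]: JENKINS_HOME
        try:
            if needs_resave(path.read_text(encoding="utf-8")):
                print("plaintext copr credentials:", path)
        except ET.ParseError:
            print("unparseable, check manually:", path)
```

Jobs it reports need their configuration saved again under the fixed version; credentials that sat on disk in plain text should also be rotated.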

ID: JENKINS:SECURITY-1556
Severity: medium
Published: 2020-04-16T00:00:00
Modified: 2020-04-16T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository copr repository https://github.com/jenkinsci/copr-plugin
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/copr | org.jenkins-ci.plugins | copr | <= 0.3 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/copr | org.jenkins-ci.plugins | copr | = 0.6.1 | | | |
| Affected | pkg:github/jenkinsci/copr-plugin | jenkinsci | copr-plugin | <= 0.3 | | | |
| Fixed | pkg:github/jenkinsci/copr-plugin | jenkinsci | copr-plugin | = 0.6.1 | | | |