[JENKINS:SECURITY-1556] Credentials stored in plain text by `copr`
Severity
Medium
Affected Packages
2
Fixed Packages
2
CVEs
1
copr
0.3 and earlier stores credentials unencrypted in job config.xml
files as part of its configuration.
These credentials can be viewed by users with Extended Read permission or access to the Jenkins controller file system.
copr
0.6.1 stores these credentials encrypted.
This change is effective once the job configuration is saved the next time.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/copr | <= 0.3 |
pkg:github/jenkinsci/copr-plugin | <= 0.3 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/copr | = 0.6.1 |
pkg:github/jenkinsci/copr-plugin | = 0.6.1 |
- ID
- JENKINS:SECURITY-1556
- Severity
- medium
- Published
-
2020-04-16T00:00:00
(4 years ago) - Modified
-
2020-04-16T00:00:00
(4 years ago) - Rights
- Jenkins Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Plugin repository | copr repository | https://github.com/jenkinsci/copr-plugin |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/copr | org.jenkins-ci.plugins | copr | <= 0.3 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/copr | org.jenkins-ci.plugins | copr | = 0.6.1 | |||
Affected | pkg:github/jenkinsci/copr-plugin | jenkinsci | copr-plugin | <= 0.3 | |||
Fixed | pkg:github/jenkinsci/copr-plugin | jenkinsci | copr-plugin | = 0.6.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |