1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-775

[JENKINS:SECURITY-775] `mashup-portlets-plugin` stored credentials in plain text

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

mashup-portlets-plugin stored SonarQube credentials unencrypted on the Jenkins controller.
These credentials could be viewed by users with access to the Jenkins controller file system.

mashup-portlets-plugin now stores these credentials encrypted.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/mashup-portlets-plugin <= 1.0.9
pkg:github/jenkinsci/mashup-portlets-plugin-plugin <= 1.0.9
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/mashup-portlets-plugin = 1.1.0
pkg:github/jenkinsci/mashup-portlets-plugin-plugin = 1.1.0
ID
JENKINS:SECURITY-775
Severity
medium
Published
2019-07-11T00:00:00
(5 years ago)
Modified
2019-07-11T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository mashup-portlets-plugin repository https://github.com/jenkinsci/mashup-portlets-plugin-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/mashup-portlets-plugin org.jenkins-ci.plugins mashup-portlets-plugin <= 1.0.9
Fixed pkg:maven/org.jenkins-ci.plugins/mashup-portlets-plugin org.jenkins-ci.plugins mashup-portlets-plugin = 1.1.0
Affected pkg:github/jenkinsci/mashup-portlets-plugin-plugin jenkinsci mashup-portlets-plugin-plugin <= 1.0.9
Fixed pkg:github/jenkinsci/mashup-portlets-plugin-plugin jenkinsci mashup-portlets-plugin-plugin = 1.1.0
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date