1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-831

[JENKINS:SECURITY-831] `aws-beanstalk-publisher-plugin` stores credentials in plain text

Severity Low
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

aws-beanstalk-publisher-plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml on the Jenkins controller.
These credentials can be viewed by users with access to the Jenkins controller file system.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/aws-beanstalk-publisher-plugin <= 1.7.4
pkg:github/jenkinsci/aws-beanstalk-publisher-plugin-plugin <= 1.7.4
ID
JENKINS:SECURITY-831
Severity
low
Published
2019-04-03T00:00:00
(5 years ago)
Modified
2019-04-03T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository aws-beanstalk-publisher-plugin repository https://github.com/jenkinsci/aws-beanstalk-publisher-plugin-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/aws-beanstalk-publisher-plugin org.jenkins-ci.plugins aws-beanstalk-publisher-plugin <= 1.7.4
Affected pkg:github/jenkinsci/aws-beanstalk-publisher-plugin-plugin jenkinsci aws-beanstalk-publisher-plugin-plugin <= 1.7.4
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date