1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-836

[JENKINS:SECURITY-836] `jira-ext` stored credentials in plain text

Severity Low
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

jira-ext stored credentials unencrypted in its global configuration file hudson.plugins.jira.JiraProjectProperty.xml on the Jenkins controller.
These credentials could be viewed by users with access to the Jenkins controller file system.

jira-ext now stores credentials encrypted.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/jira-ext <= 0.8
pkg:github/jenkinsci/jira-ext-plugin <= 0.8
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/jira-ext = 0.9
pkg:github/jenkinsci/jira-ext-plugin = 0.9
ID
JENKINS:SECURITY-836
Severity
low
Published
2019-04-17T00:00:00
(5 years ago)
Modified
2019-04-17T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository jira-ext repository https://github.com/jenkinsci/jira-ext-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/jira-ext org.jenkins-ci.plugins jira-ext <= 0.8
Fixed pkg:maven/org.jenkins-ci.plugins/jira-ext org.jenkins-ci.plugins jira-ext = 0.9
Affected pkg:github/jenkinsci/jira-ext-plugin jenkinsci jira-ext-plugin <= 0.8
Fixed pkg:github/jenkinsci/jira-ext-plugin jenkinsci jira-ext-plugin = 0.9
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date