1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-963

[JENKINS:SECURITY-963] `youtrack-plugin` stored credentials in plain text

Severity Low
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

youtrack-plugin stored credentials unencrypted in its global configuration file org.jenkinsci.plugins.youtrack.YouTrackProjectProperty.xml on the Jenkins controller.
These credentials could be viewed by users with access to the Jenkins controller file system.

youtrack-plugin now stores credentials encrypted.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/youtrack-plugin <= 0.7.1
pkg:github/jenkinsci/youtrack-plugin-plugin <= 0.7.1
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/youtrack-plugin = 0.7.2
pkg:github/jenkinsci/youtrack-plugin-plugin = 0.7.2
ID
JENKINS:SECURITY-963
Severity
low
Published
2019-04-03T00:00:00
(5 years ago)
Modified
2019-04-03T00:00:00
(5 years ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository youtrack-plugin repository https://github.com/jenkinsci/youtrack-plugin-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/youtrack-plugin org.jenkins-ci.plugins youtrack-plugin <= 0.7.1
Fixed pkg:maven/org.jenkins-ci.plugins/youtrack-plugin org.jenkins-ci.plugins youtrack-plugin = 0.7.2
Affected pkg:github/jenkinsci/youtrack-plugin-plugin jenkinsci youtrack-plugin-plugin <= 0.7.1
Fixed pkg:github/jenkinsci/youtrack-plugin-plugin jenkinsci youtrack-plugin-plugin = 0.7.2
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date