[MAVEN:GHSA-5JC5-M87X-88FJ] Secret displayed without masking by Chef Identity Plugin
Severity
Low
Affected Packages
1
CVEs
1
Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml
on the Jenkins controller as part of its configuration.
While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/chef-identity | <= 2.0.3 |
- ID
- MAVEN:GHSA-5JC5-M87X-88FJ
- Severity
- low
- URL
- https://github.com/advisories/GHSA-5jc5-m87x-88fj
- Published
-
2023-07-26T15:30:57
(14 months ago) - Modified
-
2023-11-11T05:04:52
(10 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/chef-identity | org.jenkins-ci.plugins | chef-identity | <= 2.0.3 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |