1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-MMQX-G78C-HVFJ

[MAVEN:GHSA-MMQX-G78C-HVFJ] Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials

Severity Moderate
Affected Packages 1
Fixed Packages 1
CVEs 1
Info Packages References Vulnerabilities

Jenkins AppDynamics Dashboard Plugin stored username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins controller. This password could be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

While masked from view using a password form field, the password was transferred in plain text to users when accessing the job configuration form.

AppDynamics Dashboard Plugin now stores the password encrypted in the configuration files on disk and no longer transfers it to users viewing the configuration form in plain text. Existing jobs need to have their configuration saved for existing plain text passwords to be overwritten.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/appdynamics-dashboard <= 1.0.14
Package Fixed Version
pkg:maven/org.jenkins-ci.plugins/appdynamics-dashboard = 1.0.15
ID
MAVEN:GHSA-MMQX-G78C-HVFJ
Severity
moderate
URL
https://github.com/advisories/GHSA-mmqx-g78c-hvfj
Published
2022-05-13T01:15:09
(2 years ago)
Modified
2023-10-25T23:01:21
(10 months ago)
Rights
Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/appdynamics-dashboard org.jenkins-ci.plugins appdynamics-dashboard <= 1.0.14
Fixed pkg:maven/org.jenkins-ci.plugins/appdynamics-dashboard org.jenkins-ci.plugins appdynamics-dashboard = 1.0.15
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date