Token stored in plain text by DigitalOcean Plugin

2022-05-2417:08:47

Google

osv.dev

0.001 Low

EPSS

Percentile

22.0%

JSON

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system.

CPENameOperatorVersion
com.dubture.jenkins:digitalocean-plugineq0.8
com.dubture.jenkins:digitalocean-plugineq0.9
com.dubture.jenkins:digitalocean-plugineq0.3
com.dubture.jenkins:digitalocean-plugineq0.12
com.dubture.jenkins:digitalocean-plugineq0.4.1
com.dubture.jenkins:digitalocean-plugineq0.5
com.dubture.jenkins:digitalocean-plugineq0.17
com.dubture.jenkins:digitalocean-plugineq0.18
com.dubture.jenkins:digitalocean-plugineq0.19.1
com.dubture.jenkins:digitalocean-plugineq0.7

Name	Operator	Version
com.dubture.jenkins:digitalocean-plugin	eq	0.8
com.dubture.jenkins:digitalocean-plugin	eq	0.9
com.dubture.jenkins:digitalocean-plugin	eq	0.3
com.dubture.jenkins:digitalocean-plugin	eq	0.12
com.dubture.jenkins:digitalocean-plugin	eq	0.4.1
com.dubture.jenkins:digitalocean-plugin	eq	0.5
com.dubture.jenkins:digitalocean-plugin	eq	0.17
com.dubture.jenkins:digitalocean-plugin	eq	0.18
com.dubture.jenkins:digitalocean-plugin	eq	0.19.1
com.dubture.jenkins:digitalocean-plugin	eq	0.7