Lucene search

GoogleOSV:GHSA-VP26-4HJ6-JRVX

HistoryMay 24, 2022 - 4:51 p.m.

Skytap Cloud CI Plugin stored credentials in plain text

2022-05-2416:51:52

Google

osv.dev

skytap cloud

jenkins

plain text

credentials

security

software

AI Score

6.5

Confidence

High

EPSS

0.004

Percentile

72.5%

JSON

Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

References

www.openwall.com/lists/oss-security/2019/07/31/1

github.com/jenkinsci/skytap-cloud-plugin

github.com/jenkinsci/skytap-cloud-plugin/commit/167986a84d1d15b525eaf0232b1c1a7c47aef670

jenkins.io/security/advisory/2019-07-31/#SECURITY-1429

nvd.nist.gov/vuln/detail/CVE-2019-10366

www.zerodayinitiative.com/advisories/ZDI-19-833