{"id": "CVE-2017-1000113", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-10-05T01:29:04.510", "references": [{"url": "https://jenkins.io/security/advisory/2017-08-07/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jenkins.io/security/advisory/2017-08-07/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. 
The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords."}, {"lang": "es", "value": "El plugin Deploy to container almacenaba las contrase\u00f1as sin cifrar como parte de su configuraci\u00f3n. Esto permit\u00eda que los usuarios con acceso al sistema de archivos local de Jenkins o los usuarios con acceso Extended Read a las tareas en las que se usa recuperen esas contrase\u00f1as. El plugin Deploy to container ahora se integra con el plugin Credentials para almacenar las contrase\u00f1as de forma segura y migra autom\u00e1ticamente las contrase\u00f1as existentes."}], "lastModified": "2024-11-21T03:04:11.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:deploy:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "65AD6881-BF45-4CE2-8C3D-0A011953841F", "versionEndIncluding": "1.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}