Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787 | Vendor Advisory |
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2787 - Vendor Advisory | |
Summary |
|
Information
Published : 2023-01-26 21:18
Updated : 2024-11-21 07:47
NVD link : CVE-2023-24450
Mitre link : CVE-2023-24450
CVE.ORG link : CVE-2023-24450
JSON object : View
Products Affected
jenkins
- view-cloner
CWE
CWE-312
Cleartext Storage of Sensitive Information