Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins…
jenkins·CWE-256·Published 2022-06-30
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file `de.codecentric.jenkins.dashboard.DashboardView.xml` on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system.
Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file `de.codecentric.jenkins.dashboard.DashboardView.xml` on the Jenkins controller as part of its configuration. This password can be viewed by users with access to the Jenkins controller file system.
Jenkins Deployment Dashboard Plugin versiones 1.0.10 y anteriores, almacena una contraseña sin cifrar en su archivo de configuración global en el controlador Jenkins donde puede ser visualizada por usuarios con acceso al sistema de archivos del controlador Jenkins
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| 3.1 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | GHSA | 3.3 | — | — | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |