CVE-2017-1000113
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
Severity: 5.5 MEDIUM (CVSS 3.1)
EPSS: 0.01%
Description
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.
How to fix CVE-2017-1000113
To remediate CVE-2017-1000113, upgrade the affected package to a fixed version below.
- upgrade to 1.13 or later
Is CVE-2017-1000113 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.13
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |