CVE-2017-1000113
Jenkins Deploy to container Plugin stored plain text passwords in job configuration
5.5
MEDIUM
CVSS 3.1
EPSS 0.01%
Description
The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.
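How to fix CVE-2017-1000113
To fix CVE-2017-1000113, upgrade the affected package to the patched version listed below.
- — Upgrade to 1.13 or later
Is CVE-2017-1000113 being exploited?
Low: EPSS is 0.0%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)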
- from 0, < 1.13
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |