CVE-2020-2125
LOW3.3EPSS 0.03%Credentials stored in plain text by debian-package-builder Plugin
發布日:2022/5/24修改日:2024/2/16
描述
debian-package-builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file `ru.yandex.jenkins.plugins.debuilder.DebianPackageBuilder.xml` on the Jenkins controller. This credential can be viewed by users with access to the Jenkins controller file system.
受影響套件(1)
- Maven/ru.yandex.jenkins.plugins.debuilder:debian-package-builderfrom 0, <= 1.6.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |