Password stored in plain text by ECX Copy Data Management Plugin
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 26, 2023
Package
Affected versions
<= 1.9
Patched versions
None
Description
Published by the National Vulnerability Database
Feb 12, 2020
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jan 5, 2023
Last updated
Oct 26, 2023
Credits
-
NotMyFault Analyst
Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
References