Password stored in plain text by Dynamic Extended Choice Parameter Plugin
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Oct 26, 2023
Package
Affected versions
<= 1.0.1
Patched versions
None
Description
Published by the National Vulnerability Database
Feb 12, 2020
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Jan 14, 2023
Last updated
Oct 26, 2023
Credits
-
NotMyFault Analyst
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
References