Required CVE Record Information
Description
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2273 x_transferred
- openwall.com: [oss-security] 20220315 Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred