Required CVE Record Information
Description
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
References 2 Total
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- jenkins.io: Jenkins Security Advisory 2023-04-12 vendor-advisoryx_transferred
- http://www.openwall.com/lists/oss-security/2023/04/13/3 x_transferred