CVE-2023-24450

Passwords stored in plain text by Jenkins view-cloner Plugin in maven/org.jenkins-ci.plugins/view-cloner

Identifiers

GHSA-6hw7-x86v-wrgf, CVE-2023-24450

Package Slug

maven/org.jenkins-ci.plugins/view-cloner

Vulnerability

Passwords stored in plain text by Jenkins view-cloner Plugin

Description

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Affected Versions

All versions up to 1.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27

source