CVE-2017-1000245: Insufficiently Protected Credentials

November 1, 2017 (updated October 3, 2019)

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

References

nvd.nist.gov/vuln/detail/CVE-2017-1000245

Detect and mitigate CVE-2017-1000245 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →