Re: Jenkins plugins -- multiple vulnerabilities

[Daniel Beck <ml () beckweb net>]

> On 11. Jul 2017, at 13:52, Daniel Beck <ml () beckweb net> wrote:
>
> JENKINS-21436
> The SSH Plugin stores credentials which allow jobs to access remote servers 
> via the SSH protocol. User passwords and passphrases for encrypted SSH keys 
> are stored in plaintext in a configuration file. SSH Plugin now integrates 
> with the Credentials Plugin and existing credentials are migrated.

This has been assigned CVE-2017-1000245