oss-sec mailing list archives
Re: Jenkins plugins -- multiple vulnerabilities
From: Daniel Beck <ml () beckweb net>
Date: Thu, 24 Aug 2017 01:49:17 +0200
On 11. Jul 2017, at 13:52, Daniel Beck <ml () beckweb net> wrote: JENKINS-21436 The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file. SSH Plugin now integrates with the Credentials Plugin and existing credentials are migrated.
This has been assigned CVE-2017-1000245
Current thread:
- Jenkins plugins -- multiple vulnerabilities Daniel Beck (Jul 11)
- Re: Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 23)
- <Possible follow-ups>
- Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 07)