Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Low severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Oct 26, 2023
Package
Affected versions
<= 1.24
Patched versions
None
Description
Published by the National Vulnerability Database
Apr 4, 2019
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Oct 26, 2023
Last updated
Oct 26, 2023
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials unencrypted in its global configuration file
org.jenkinsci.plugins.relution_publisher.configuration.global.StoreConfiguration.xml
on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.References