Credential Exposure Affecting org.jenkins-ci.plugins:openshift-deployer package, versions [0,]
Snyk CVSS
Attack Complexity
High
User Interaction
Required
Threat Intelligence
EPSS
0.09% (38th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-559577
- published 10 Mar 2020
- disclosed 9 Mar 2020
- credit James Holderness, IB Boost
Introduced: 9 Mar 2020
CVE-2020-2155 Open this link in a new tabHow to fix?
There is no fixed version for org.jenkins-ci.plugins:openshift-deployer
.
Overview
org.jenkins-ci.plugins:openshift-deployer is a package that adds the ability to create gears and deploy applications to OpenShift.
Affected versions of this package are vulnerable to Credential Exposure. It transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.