Unprotected Storage of Credentials Affecting org.jenkins-ci.plugins:whitesource package, versions [0,]
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGJENKINSCIPLUGINS-575279
- published 3 Jul 2020
- disclosed 3 Jul 2020
- credit Wasin Saengow
Introduced: 3 Jul 2020
CVE-2020-2213 Open this link in a new tabHow to fix?
There is no fixed version for org.jenkins-ci.plugins:whitesource
.
Overview
org.jenkins-ci.plugins:whitesource is a White Source external update agent for Jenkins CI.
Affected versions of this package are vulnerable to Unprotected Storage of Credentials. It stores credentials in plain text as part of its global configuration file org.whitesource.jenkins.pipeline.WhiteSourcePipelineStep.xml
and job config.xml
files on the Jenkins master. These credentials could be viewed by users with Extended Read permission (in the case of job config.xml
files) or access to the master file system.