GHSA-f6g8-pxvp-9328

Source
https://github.com/advisories/GHSA-f6g8-pxvp-9328
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f6g8-pxvp-9328/GHSA-f6g8-pxvp-9328.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-f6g8-pxvp-9328
Aliases
  • CVE-2019-10412
Published
2022-05-24T16:56:45Z
Modified
2023-12-13T10:17:10.338701Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Details

Inedo ProGet Plugin Plugin stores a service password in its global Jenkins configuration.

While the password is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the password through browser extensions, cross-site scripting vulnerabilities, and similar situations.

Inedo ProGet Plugin Plugin now encrypts the password transmitted to administrators viewing the global configuration form.

Database specific
{
    "nvd_published_at": "2019-09-25T16:15:00Z",
    "cwe_ids": [
        "CWE-319"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-23T20:32:49Z"
}
Affected packages

Maven / com.inedo.proget:inedo-proget

Package

Name
com.inedo.proget:inedo-proget
Purl
pkg:maven/com.inedo.proget/inedo-proget

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3

Affected versions

0.*

0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8

1.*

1.0
1.1
1.2