GHSA-xm94-9jw8-p6hw

Suggest an improvement
Source
https://github.com/advisories/GHSA-xm94-9jw8-p6hw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xm94-9jw8-p6hw/GHSA-xm94-9jw8-p6hw.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-xm94-9jw8-p6hw
Aliases
Published
2022-05-24T16:46:09Z
Modified
2024-02-14T05:31:59.792042Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin
Details

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

Database specific
{
    "nvd_published_at": "2019-05-21T13:29:00Z",
    "cwe_ids": [
        "CWE-200",
        "CWE-538"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-28T23:09:37Z"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:credentials

Package

Name
org.jenkins-ci.plugins:credentials
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/credentials

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.19

Affected versions

1.*

1.0
1.1
1.2
1.3
1.3.1
1.4
1.5
1.6
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.16.1
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18

Database specific

{
    "last_known_affected_version_range": "<= 2.1.18"
}