[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Jenkins plugins -- multiple vulnerabilities
From: Daniel Beck <ml () beckweb ! net>
Date: 2017-08-23 23:49:17
Message-ID: 7363538D-EADE-4A90-8C22-9ECE268983DA () beckweb ! net
[Download RAW message or body]
> On 11. Jul 2017, at 13:52, Daniel Beck <ml@beckweb.net> wrote:
>
> JENKINS-21436
> The SSH Plugin stores credentials which allow jobs to access remote servers
> via the SSH protocol. User passwords and passphrases for encrypted SSH keys
> are stored in plaintext in a configuration file. SSH Plugin now integrates
> with the Credentials Plugin and existing credentials are migrated.
This has been assigned CVE-2017-1000245=
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic