[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Jenkins plugins -- multiple vulnerabilities
From:       Daniel Beck <ml () beckweb ! net>
Date:       2017-08-23 23:49:17
Message-ID: 7363538D-EADE-4A90-8C22-9ECE268983DA () beckweb ! net
[Download RAW message or body]


> On 11. Jul 2017, at 13:52, Daniel Beck <ml@beckweb.net> wrote:
> 
> JENKINS-21436
> The SSH Plugin stores credentials which allow jobs to access remote servers 
> via the SSH protocol. User passwords and passphrases for encrypted SSH keys 
> are stored in plaintext in a configuration file. SSH Plugin now integrates 
> with the Credentials Plugin and existing credentials are migrated.

This has been assigned CVE-2017-1000245=
[prev in list] [next in list] [prev in thread] [next in thread]