Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 24 Aug 2017 01:49:17 +0200
From: Daniel Beck <ml@...kweb.net>
To: oss-security@...ts.openwall.com
Subject: Re: Jenkins plugins -- multiple vulnerabilities


> On 11. Jul 2017, at 13:52, Daniel Beck <ml@...kweb.net> wrote:
> 
> JENKINS-21436
> The SSH Plugin stores credentials which allow jobs to access remote servers 
> via the SSH protocol. User passwords and passphrases for encrypted SSH keys 
> are stored in plaintext in a configuration file. SSH Plugin now integrates 
> with the Credentials Plugin and existing credentials are migrated.

This has been assigned CVE-2017-1000245

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ