Date: Thu, 24 Aug 2017 01:49:17 +0200 From: Daniel Beck <ml@...kweb.net> To: oss-security@...ts.openwall.com Subject: Re: Jenkins plugins -- multiple vulnerabilities > On 11. Jul 2017, at 13:52, Daniel Beck <ml@...kweb.net> wrote: > > JENKINS-21436 > The SSH Plugin stores credentials which allow jobs to access remote servers > via the SSH protocol. User passwords and passphrases for encrypted SSH keys > are stored in plaintext in a configuration file. SSH Plugin now integrates > with the Credentials Plugin and existing credentials are migrated. This has been assigned CVE-2017-1000245
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ