Date: Thu, 24 Aug 2017 01:49:17 +0200 From: Daniel Beck <ml@...kweb.net> To: oss-security@...ts.openwall.com Subject: Re: Jenkins plugins -- multiple vulnerabilities > On 11. Jul 2017, at 13:52, Daniel Beck <ml@...kweb.net> wrote: > > JENKINS-21436 > The SSH Plugin stores credentials which allow jobs to access remote servers > via the SSH protocol. User passwords and passphrases for encrypted SSH keys > are stored in plaintext in a configuration file. SSH Plugin now integrates > with the Credentials Plugin and existing credentials are migrated. This has been assigned CVE-2017-1000245
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.