CVE-2020-2156 – com.openmake:deployhub

Package

Manager: maven
Name: com.openmake:deployhub
Vulnerable Version: >=0 <=8.0.14

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00044 pctl0.12544

Details

Credentials transmitted in plain text by Jenkins DeployHub Plugin DeployHub Plugin stores credentials in job `config.xml` files as part of its configuration. While the credentials are stored encrypted on disk, they are transmitted in plain text as part of the configuration form by DeployHub Plugin 8.0.14 and earlier. These credentials could be viewed by users with Extended Read permission.

Metadata

Created: 2022-05-24T17:10:29Z
Modified: 2023-01-05T20:44:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hm57-4qpx-f734/GHSA-hm57-4qpx-f734.json
CWE IDs: ["CWE-319"]
Alternative ID: GHSA-hm57-4qpx-f734
Finding: F017
Auto approve: 1