Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <7363538D-EADE-4A90-8C22-9ECE268983DA@beckweb.net>
Date: Thu, 24 Aug 2017 01:49:17 +0200
From: Daniel Beck <ml@...kweb.net>
To: oss-security@...ts.openwall.com
Subject: Re: Jenkins plugins -- multiple vulnerabilities


> On 11. Jul 2017, at 13:52, Daniel Beck <ml@...kweb.net> wrote:
> 
> JENKINS-21436
> The SSH Plugin stores credentials which allow jobs to access remote servers 
> via the SSH protocol. User passwords and passphrases for encrypted SSH keys 
> are stored in plaintext in a configuration file. SSH Plugin now integrates 
> with the Credentials Plugin and existing credentials are migrated.

This has been assigned CVE-2017-1000245

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.