Subversion Plugin
Monthly
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.