cvedb.io
CVE-2017-1000113
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2017-10-05T01:29:04.510 · Last modified 2026-06-17T00:58:45.843

Summary

The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.

Affected products

jenkins — deploy

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.