The vulnerability stems from credentials being stored unencrypted in the UrbanDeployPublisher.xml file. Jenkins plugins typically handle credential persistence through save() methods in their configuration classes. Two conditions together match the described vulnerability pattern: (1) a save() method that writes to disk without encryption and (2) plaintext storage of the credentials in class fields. While no explicit code is shown, the XML filename and CWE-522 context strongly indicate insecure serialization of credential fields during configuration persistence.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.urbancode.ds.jenkins.plugins:sra-deploy | maven | <= 1.4.2.4 |
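
An audit check for the pattern described above, added here as an example and not taken from the plugin or the advisory: it walks a Jenkins configuration XML file and reports secret-named elements whose value lacks the `{base64}` wrapper that `hudson.util.Secret` writes. The element names, the name heuristic and the sample document are assumptions constructed for illustration; the real layout of UrbanDeployPublisher.xml is not shown on this page.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Heuristic for secret-bearing element names (an assumption, not the plugin's schema).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
# hudson.util.Secret serialises ciphertext as "{<base64>}".
ENCRYPTED = re.compile(r"^\{([A-Za-z0-9+/]+={0,2})\}$")
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def looks_encrypted(value):
    """True if value has the {base64} wrapper and decodes to >= one AES block."""
    m = ENCRYPTED.match(value.strip())
    if not m:
        return False
    try:
        return len(base64.b64decode(m.group(1), validate=True)) >= 16
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def find_plaintext_secrets(xml_text):
    """Return paths of secret-named leaf elements whose text is not encrypted."""
    # Jenkins writes an XML 1.1 declaration; drop it before parsing.
    root = ET.fromstring(XML_DECL.sub("", xml_text, count=1))
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        text = (node.text or "").strip()
        is_secret_leaf = len(node) == 0 and text and SECRET_NAME.search(node.tag)
        if is_secret_leaf and not looks_encrypted(text):
            findings.append(here)
        for child in node:
            walk(child, here)

    walk(root, "")
    return findings


# Constructed sample: element names and values are illustrative only.
_BLOB = "{" + base64.b64encode(bytes(32)).decode() + "}"  # placeholder, not real ciphertext
SAMPLE = (
    "<?xml version='1.1' encoding='UTF-8'?>"
    "<com.example.PublisherDescriptor><sites>"
    "<site><user>deploy</user><password>hunter2</password></site>"
    "<site><user>deploy2</user><password>" + _BLOB + "</password></site>"
    "</sites></com.example.PublisherDescriptor>"
)
```

The wrapper check is a format test only: it shows a value was written through `Secret`, not that the key material protecting it is sound.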