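Vulnerability Title
N/A
Vulnerability Description
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory containing all the old secrets, together with the key used to encrypt them. These backups were world-readable and were not deleted afterwards. Jenkins now deletes the backup directory if it exists. Upgrading from a version earlier than 1.498 no longer creates a backup directory. Administrators who rely on file access permissions for manually created backups are advised to check the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups and delete its contents.
CVSS Information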
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
CVSS Information
N/A
Vulnerability Category
N/A
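Vulnerability Title
CloudBees Jenkins re-key admin monitor Information Disclosure Vulnerability
Vulnerability Description
CloudBees Jenkins (formerly Hudson Labs) is a Java-based continuous integration tool from CloudBees, a US company, used mainly to monitor continuous software release/test projects and certain scheduled tasks. The re-key admin monitor is its administrative monitor for re-keying. The re-key admin monitor in CloudBees Jenkins 1.498 has a security vulnerability. A remote attacker can exploit this vulnerability to obtain backup files.
CVSS Information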
N/A
Vulnerability Category
Information Disclosure