An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:crowd2(Maven) | 0 | 2.0.1 | N/A |
CVSS Metrics
