An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and previous versions in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian crowd2 |