Credential Storage Weakness in Jenkins Subversion Plugin
CVE-2013-6372

Currently unrated

Key Information:

Vendor
Jenkins-ci
Status
Subversion-plugin
Vendor
CVE Published: 8 May 2014

Summary

The Subversion plugin for Jenkins, in versions prior to 1.54, stores credentials insecurely using base64 encoding. Base64 is a reversible encoding, not encryption, so it does not provide sufficient security: local users can easily access sensitive information such as passwords and SSH private keys. The credentials are stored in a file named subversion.credentials, which puts them at risk of theft whenever an unauthorized user has access to the system. This vulnerability highlights the need for secure credential management practices and for updating software to the latest versions to mitigate such security risks.
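To check a Jenkins home for exposure of this kind, the following added example (not code from the advisory or from the plugin) walks a directory tree, finds every subversion.credentials file, and reports its permission bits and how many values in it decode cleanly from base64, without ever printing the decoded values. The XML layout written by `demo()` and the token-matching pattern are assumptions made for illustration, not the plugin's documented file format.

```python
import base64, binascii, os, re, stat, tempfile

TARGET = "subversion.credentials"  # file name given in the advisory
# Assumption: encoded secrets appear as element text or attribute values of 8+ base64 chars.
CANDIDATE = re.compile(r'[>"]([A-Za-z0-9+/]{8,}={0,2})[<"]')

def reversible_values(text):
    """Count tokens that base64-decode to printable text (the values are never returned)."""
    count = 0
    for token in CANDIDATE.findall(text):
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, e.g. wrong padding
        if decoded and all(32 <= b < 127 or b in (9, 10, 13) for b in decoded):
            count += 1
    return count

def audit(jenkins_home):
    """Return one finding per subversion.credentials file under jenkins_home."""
    findings = []
    for root, _dirs, files in os.walk(jenkins_home):
        if TARGET not in files:
            continue
        path = os.path.join(root, TARGET)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8", errors="replace") as fh:
            n = reversible_values(fh.read())
        findings.append({
            "path": path, "mode": oct(mode),
            # Group- or world-readable files are reachable by other local users.
            "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            "reversible_values": n,
        })
    return findings

def demo():
    """Audit a constructed Jenkins home holding one constructed credentials file."""
    home = tempfile.mkdtemp()
    job = os.path.join(home, "jobs", "example-job")
    os.makedirs(job)
    secret = base64.b64encode(b"constructed-password").decode()
    path = os.path.join(job, TARGET)
    with open(path, "w") as fh:
        fh.write(f"<credentials><password>{secret}</password></credentials>\n")
    os.chmod(path, 0o644)  # deliberately loose mode so the audit flags it
    return audit(home)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real controller, call `audit()` with the actual Jenkins home directory; any file with a non-zero `reversible_values` count should be treated as holding recoverable credentials, which should be rotated after upgrading the plugin.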

Timeline

  • Vulnerability published

  • Vulnerability Reserved
