CVE-2019-1003051 Vulnerability in maven package org.jvnet.hudson.plugins:ircbot

Description

Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-829

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2020-11988 Vulnerability in maven package org.apache.xmlgraphics:xmlgraphics-commons

CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack

CVE-2023-28684 Vulnerability in maven package com.sap.jenkinsci:remote-jobs-view-plugin

CVE-2023-24188 Vulnerability in maven package com.bstek.ureport:ureport2-core

CVE-2017-11482 Vulnerability in npm package kibana

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H