Description
Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master, where they can be viewed by users with Extended Read permission or with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-839
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2