CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater

Description

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-837

Related Vulnerabilities

CVE-2020-23849 Vulnerability in npm package jsoneditor

CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2020-13929 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc

CVE-2022-35948 Vulnerability in npm package undici

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H