CVE-2019-1003055 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher

Description

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954

Related Vulnerabilities

CVE-2019-10353 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-25860 Vulnerability in maven package org.webjars.npm:simple-git

CVE-2022-39239 Vulnerability in npm package @netlify/ipx

CVE-2021-21697 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-7642 Vulnerability in maven package org.webjars.bower:lazysizes

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H