CVE-2019-1003056 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer

Description

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-956

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2023-49486 Vulnerability in maven package com.jfinal:jfinal

CVE-2016-6652 Vulnerability in maven package org.springframework.data:spring-data-jpa

CVE-2022-36097 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui

CVE-2021-21179 Vulnerability in npm package electron

CVE-2022-25929 Vulnerability in npm package smoothie

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H