CVE-2019-1003061 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-cloudformation-plugin

Description

Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2023-25500 Vulnerability in maven package com.vaadin:vaadin

CVE-2023-20883 Vulnerability in maven package org.springframework.boot:spring-boot-autoconfigure

CVE-2023-50721 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-ui

CVE-2016-4464 Vulnerability in maven package org.apache.cxf.fediz:fediz-core

CVE-2017-1000400 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H