CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

Description

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-838

Related Vulnerabilities

CVE-2022-24999 Vulnerability in npm package express

CVE-2020-2271 Vulnerability in maven package org.jenkins-ci.plugins:locked-files-report

CVE-2019-10293 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins

CVE-2023-46589 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2018-19837 Vulnerability in maven package org.webjars.npm:node-sass

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H