Description

Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1043

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2019-10291 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan

CVE-2020-11023 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery

CVE-2019-8331 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2022-23461 Vulnerability in npm package jodit

CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

Severity

High

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry Mailing List