CVE-2019-1003089 Vulnerability in maven package ren.helloworld:upload-pgyer

Description

Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044

http://www.securityfocus.com/bid/107790

http://www.openwall.com/lists/oss-security/2019/04/12/2

Related Vulnerabilities

CVE-2023-1454 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common

CVE-2023-50771 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth

CVE-2022-23621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-3632 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2023-20873 Vulnerability in maven package org.springframework.boot:spring-boot-actuator-autoconfigure

Severity

High

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N