Description

Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-946

Related Vulnerabilities

CVE-2020-13920 Vulnerability in maven package org.apache.activemq:activemq-broker

CVE-2020-27664 Vulnerability in npm package strapi

CVE-2021-21380 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ratings-api

CVE-2017-4952 Vulnerability in maven package com.vmware.xenon:xenon-common

CVE-2020-2273 Vulnerability in maven package org.jenkins-ci.plugins:elastestv

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory