Description
Jenkins Koji Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1092
http://www.securityfocus.com/bid/107790
http://www.openwall.com/lists/oss-security/2019/04/12/2