Description

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Remediation

References

http://www.securityfocus.com/bid/108045

https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836

Related Vulnerabilities

CVE-2017-18355 Vulnerability in npm package rendertron-middleware

CVE-2019-19771 Vulnerability in npm package cionstring

CVE-2012-2098 Vulnerability in maven package org.apache.commons:commons-compress

CVE-2019-9737 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Vendor Advisory