CVE-2019-10302 Vulnerability in maven package org.jenkins-ci.plugins:jira-ext

Description

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Remediation

References

http://www.securityfocus.com/bid/108045

https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836

Related Vulnerabilities

CVE-2019-9737 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md

CVE-2019-10476 Vulnerability in maven package org.jenkins-ci.plugins:zulip

CVE-2020-10968 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2019-1003034 Vulnerability in maven package org.jenkins-ci.plugins:job-dsl

CVE-2021-44906 Vulnerability in maven package org.webjars.npm:minimist

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H