Description

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541

http://www.openwall.com/lists/oss-security/2019/09/25/3

Related Vulnerabilities

CVE-2022-36599 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2020-8203 Vulnerability in maven package org.webjars.bower:lodash

CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify

CVE-2018-5158 Vulnerability in npm package pdfjs-dist

CVE-2017-4960 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory