Description

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1543

http://www.openwall.com/lists/oss-security/2019/09/25/3

Related Vulnerabilities

CVE-2022-2932 Vulnerability in maven package org.webjars.npm:mobiledoc-kit

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4

CVE-2021-41182 Vulnerability in npm package jquery-ui

CVE-2022-23710 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2018-1999027 Vulnerability in maven package org.jenkins-ci.plugins:saltstack

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory