Description

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1575

http://www.openwall.com/lists/oss-security/2019/09/25/3

Related Vulnerabilities

CVE-2018-17960 Vulnerability in maven package org.webjars:ckeditor

CVE-2020-13931 Vulnerability in maven package org.apache.tomee:openejb-core

CVE-2013-2160 Vulnerability in maven package org.codehaus.woodstox:woodstox-core-asl

CVE-2019-12407 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory