Description

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434

Related Vulnerabilities

CVE-2018-1000176 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2022-36882 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2020-2122 Vulnerability in maven package org.jenkins-ci.plugins:brakeman

CVE-2016-0783 Vulnerability in maven package org.apache.openmeetings:openmeetings-install

CVE-2020-2114 Vulnerability in maven package org.jenkins-ci.plugins:s3

Severity

Low

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory