Description

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450

http://www.openwall.com/lists/oss-security/2019/10/16/6

Related Vulnerabilities

CVE-2013-4390 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core

CVE-2022-28890 Vulnerability in maven package org.apache.jena:jena-core

CVE-2022-22984 Vulnerability in npm package @snyk/snyk-hex-plugin

CVE-2022-1330 Vulnerability in maven package org.webjars.bower:fullpage

CVE-2020-2138 Vulnerability in maven package org.jenkins-ci.plugins:cobertura

Severity

High

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory