Description

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/10/23/2

https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1477

Related Vulnerabilities

CVE-2023-1784 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2021-21252 Vulnerability in npm package jquery-validation

CVE-2022-43433 Vulnerability in maven package io.jenkins.plugins:screenrecorder

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-rs

CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory