CVE-2019-1003053 Vulnerability in maven package org.jenkins-ci.plugins:hockeyapp

Description

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-839

Related Vulnerabilities

CVE-2022-43423 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader

CVE-2019-1010091 Vulnerability in npm package tinymce

CVE-2023-40167 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2021-26296 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

CVE-2020-1945 Vulnerability in maven package org.apache.ant:ant

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H