CVE-2019-1003055 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher

Description

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954

Related Vulnerabilities

CVE-2020-36518 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2018-11804 Vulnerability in maven package org.apache.spark:spark-core

CVE-2021-32691 Vulnerability in npm package data-connector-rock

CVE-2019-16776 Vulnerability in maven package org.webjars.npm:bin-links

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H