CVE-2019-1003056 Vulnerability in maven package org.jenkins-ci.plugins:websphere-deployer

Description

Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-956

Related Vulnerabilities

CVE-2022-48285 Vulnerability in npm package jszip

CVE-2023-49653 Vulnerability in maven package org.jenkins-ci.plugins:jira

CVE-2020-12648 Vulnerability in maven package org.webjars.bower:tinymce

CVE-2022-21653 Vulnerability in maven package org.typelevel:jawn-parser_3

CVE-2022-43421 Vulnerability in maven package org.jenkins-ci.plugins:tuleap-git-branch-source

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H