Description

Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965

Related Vulnerabilities

CVE-2020-2282 Vulnerability in maven package org.jenkins-ci.plugins:implied-labels

CVE-2019-12409 Vulnerability in maven package org.apache.solr:solr-core

CVE-2023-46652 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

CVE-2019-19771 Vulnerability in npm package cionstring

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory