Description
The Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/04/12/2
http://www.securityfocus.com/bid/107790
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1041