Description

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832

Related Vulnerabilities

CVE-2023-40346 Vulnerability in maven package io.jenkins.plugins:shortcut-job

CVE-2020-2292 Vulnerability in maven package org.jenkins-ci.plugins:release

CVE-2023-22893 Vulnerability in npm package @strapi/plugin-users-permissions

CVE-2019-10314 Vulnerability in maven package org.jenkins-ci.plugins:koji

CVE-2022-36010 Vulnerability in npm package react-editable-json-tree

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory