CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify

Description

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832

Related Vulnerabilities

CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.12

CVE-2022-36919 Vulnerability in maven package org.jenkins-ci.plugins:coverity

CVE-2019-11819 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts

CVE-2022-31108 Vulnerability in maven package org.webjars.npm:mermaid

CVE-2019-11269 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H