CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify

Description

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832

Related Vulnerabilities

CVE-2019-3772 Vulnerability in maven package org.springframework.integration:spring-integration-ws

CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api

CVE-2022-23461 Vulnerability in npm package jodit

CVE-2020-36649 Vulnerability in maven package org.webjars.bower:papaparse

CVE-2020-8127 Vulnerability in npm package reveal.js

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H