CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

Description

Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-838

Related Vulnerabilities

CVE-2021-41184 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm

CVE-2020-7723 Vulnerability in npm package promisehelpers

CVE-2022-36437 Vulnerability in maven package com.hazelcast:hazelcast-enterprise

CVE-2023-26115 Vulnerability in maven package org.webjars.npm:word-wrap

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H