CVE-2019-1003066 Vulnerability in maven package org.jvnet.hudson.plugins:bugzilla

Description

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841

Related Vulnerabilities

CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger

CVE-2022-25171 Vulnerability in npm package p4

CVE-2022-36903 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

CVE-2022-46363 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http

CVE-2020-36319 Vulnerability in maven package com.vaadin:flow-server

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H