Description

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-952

Related Vulnerabilities

CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all

CVE-2021-23507 Vulnerability in npm package object-path-set

CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-services

CVE-2022-41919 Vulnerability in npm package fastify

CVE-2023-26487 Vulnerability in maven package org.webjars.npm:vega-functions

Severity

Critical

Classification

CWE-311 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory