CVE-2019-1003096 Vulnerability in maven package org.jenkins-ci.plugins:testfairy

Description

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1062

Related Vulnerabilities

CVE-2019-1003042 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2020-15232 Vulnerability in maven package org.mapfish.print:print-lib

CVE-2020-26274 Vulnerability in npm package systeminformation

CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro

CVE-2020-2257 Vulnerability in maven package org.jenkins-ci.plugins:validating-string-parameter

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N