CVE-2019-10285 Vulnerability in maven package org.jenkins-ci.plugins:minio-storage

Description

Jenkins Minio Storage Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-955

Related Vulnerabilities

CVE-2021-43859 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2022-0265 Vulnerability in maven package com.hazelcast:hazelcast

CVE-2022-36903 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

CVE-2019-1003068 Vulnerability in maven package com.inkysea.vmware.vra:vmware-vrealize-automation-plugin

CVE-2019-10742 Vulnerability in maven package org.webjars.bower:axios

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H