CVE-2019-10296 Vulnerability in maven package com.urbancode.ds.jenkins.plugins:sra-deploy

Description

Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/04/12/2

http://www.securityfocus.com/bid/107790

https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1066

Related Vulnerabilities

CVE-2020-2163 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-16572 Vulnerability in maven package org.jenkins-ci.plugins:weibo

CVE-2021-23356 Vulnerability in npm package kill-process-by-name

CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso

CVE-2014-3623 Vulnerability in maven package org.apache.cxf:cxf

Severity

Critical

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H