Description

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541

Related Vulnerabilities

CVE-2020-2176 Vulnerability in maven package it.infuse.jenkins:usemango-runner

CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-common-utilities

CVE-2022-45397 Vulnerability in maven package org.jenkins-ci.plugins:osf-builder-suite-xml-linter

CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.13

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory