Description

Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/09/25/3

https://jenkins.io/security/advisory/2019-09-25/#SECURTIY-1541

Related Vulnerabilities

CVE-2023-40787 Vulnerability in maven package org.springblade:blade-core-tool

CVE-2023-46499 Vulnerability in npm package @evershop/evershop

CVE-2021-41248 Vulnerability in npm package graphiql

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war

CVE-2020-1937 Vulnerability in maven package org.apache.kylin:kylin-server-base

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory