Description

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434

Related Vulnerabilities

CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui

CVE-2015-5174 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2024-4367 Vulnerability in maven package org.webjars.bower:pdfjs-dist

CVE-2016-5388 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2021-27738 Vulnerability in maven package org.apache.kylin:kylin-stream-coordinator

Severity

Low

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory