Description

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/10/16/6

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450

Related Vulnerabilities

CVE-2023-34150 Vulnerability in maven package org.apache.any23:apache-any23-encoding

CVE-2022-36914 Vulnerability in maven package org.jenkins-ci.plugins:files-found-trigger

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2020-24616 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-2256 Vulnerability in maven package org.keycloak:keycloak-themes

Severity

High

Classification

CWE-312 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory Vendor Advisory