CVE-2019-10467 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit

Description

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/10/23/2

https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1003

Related Vulnerabilities

CVE-2022-3783 Vulnerability in npm package node-red-dashboard

CVE-2020-2128 Vulnerability in maven package com.catalogic.ecxjenkins:catalogic-ecx

CVE-2020-8441 Vulnerability in maven package org.jyaml:jyaml

CVE-2022-46166 Vulnerability in maven package de.codecentric:spring-boot-admin-server

CVE-2020-2218 Vulnerability in maven package org.jenkins-ci.plugins:hp-quality-center

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N