CVE-2019-10467 Vulnerability in maven package org.jenkins-ci.plugins:sonar-gerrit

Description

Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/10/23/2

https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1003

Related Vulnerabilities

CVE-2020-2239 Vulnerability in maven package org.jenkins-ci.plugins:parameterized-remote-trigger

CVE-2023-38509 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui

CVE-2021-45029 Vulnerability in maven package org.apache.shenyu:shenyu-common

CVE-2020-2187 Vulnerability in maven package org.jenkins-ci.plugins:ec2

CVE-2022-45386 Vulnerability in maven package org.jenkins-ci.plugins:violations

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N