Description

Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.

Remediation

References

http://www.openwall.com/lists/oss-security/2020/02/12/3

https://jenkins.io/security/advisory/2020-02-12/#SECURITY-1540

Related Vulnerabilities

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets

CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-48711 Vulnerability in maven package org.webjars.npm:google-translate-api-browser

CVE-2021-38384 Vulnerability in npm package serverless-offline

CVE-2023-22621 Vulnerability in npm package @strapi/plugin-email

Severity

High

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory