Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Remediation

References

CVE-2018-1000424

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5230)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4431)

MySQL CVE-2020-14643 Vulnerability (CVE-2020-14643)

WordPress Plugin Chat-Support Board-WordPress Chat Privilege Escalation (3.3.8)

WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.6.1)

Severity

High

Classification

CVE-2018-1000424 CWE-522 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities