Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Remediation

References

CVE-2018-1000424

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33197)

Oracle Application Server CVE-2008-7237 Vulnerability (CVE-2008-7237)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2017-7668)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.36)

Oracle Application Server Other Vulnerability (CVE-2002-1632)

Severity

High

Classification

CVE-2018-1000424 CWE-522 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities