Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS01Nzd3LTYyY3AtZjY3aM37Bg

Jenkins Trac Publisher Plugin stores credentials in plain text

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Permalink: https://github.com/advisories/GHSA-577w-62cp-f67h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01Nzd3LTYyY3AtZjY3aM37Bg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-577w-62cp-f67h, CVE-2019-1003067
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-1003067
• https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842
• http://www.openwall.com/lists/oss-security/2019/04/12/2
• https://github.com/advisories/GHSA-577w-62cp-f67h

Blast Radius: 1.0

Affected Packages