Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jaG04LXdwM2gtZjRtM84AAgeC
Jenkins jira-ext Plugin stores credentials unencrypted
Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file hudson.plugins.jira.JiraProjectProperty.xml on the Jenkins master. These credentials could be viewed by users with access to the Jenkins master file system.
jira-ext Plugin version 0.9 stores credentials encrypted.
Permalink: https://github.com/advisories/GHSA-chm8-wp3h-f4m3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jaG04LXdwM2gtZjRtM84AAgeC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-chm8-wp3h-f4m3, CVE-2019-10302
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10302
- https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836
- http://www.securityfocus.com/bid/108045
- https://github.com/jenkinsci/jira-ext-plugin/commit/e252f4084089e5cfb4c7bad389d3d20f3ec594fb
- https://github.com/advisories/GHSA-chm8-wp3h-f4m3
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:jira-ext
Affected Version Ranges: < 0.9
Fixed in: 0.9