Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1jaG04LXdwM2gtZjRtM84AAgeC

Jenkins jira-ext Plugin stores credentials unencrypted

Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file hudson.plugins.jira.JiraProjectProperty.xml on the Jenkins master. These credentials could be viewed by users with access to the Jenkins master file system.

jira-ext Plugin version 0.9 stores credentials encrypted.

Permalink: https://github.com/advisories/GHSA-chm8-wp3h-f4m3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jaG04LXdwM2gtZjRtM84AAgeC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 5 months ago

CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-chm8-wp3h-f4m3, CVE-2019-10302
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-10302
• https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836
• http://www.securityfocus.com/bid/108045
• https://github.com/jenkinsci/jira-ext-plugin/commit/e252f4084089e5cfb4c7bad389d3d20f3ec594fb
• https://github.com/advisories/GHSA-chm8-wp3h-f4m3

Repository: https://github.com/jenkinsci/jira-ext-plugin
Blast Radius: 1.0

Affected Packages