Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jdmg4LTlqNHgtNXY0as38cQ
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier, in ArtifactoryBuilder.java and CredentialsConfig.java, that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
Permalink: https://github.com/advisories/GHSA-cvh8-9j4x-5v4j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jdmg4LTlqNHgtNXY0as38cQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 7.8
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-cvh8-9j4x-5v4j, CVE-2018-1000424
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000424
- https://jenkins.io/security/advisory/2018-09-25/#SECURITY-265
- http://www.securityfocus.com/bid/106532
- https://github.com/advisories/GHSA-cvh8-9j4x-5v4j
Affected Packages
maven:org.jenkins-ci.plugins:artifactory
Affected Version Ranges: < 2.16.2
Fixed in: 2.16.2