Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencrypted in its global configuration file jenkins.plugins.awslogspublisher.AWSLogsConfig.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-m34r-f7h6-c3j2, CVE-2019-1003062
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1003062
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-830
- http://www.openwall.com/lists/oss-security/2019/04/12/2
- https://github.com/advisories/GHSA-m34r-f7h6-c3j2
Affected Packages
maven:org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Affected Version Ranges: <= 1.2.0No known fixed version