Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1wNnFyLTI4NmctNzlyds37Cg

Jenkins Jira Issue Updater Plugin stores credentials in plain text

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.

Permalink: https://github.com/advisories/GHSA-p6qr-286g-79rv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNnFyLTI4NmctNzlyds37Cg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-p6qr-286g-79rv, CVE-2019-1003054
References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-1003054
• https://jenkins.io/security/advisory/2019-04-03/#SECURITY-837
• http://www.openwall.com/lists/oss-security/2019/04/12/2
• https://github.com/advisories/GHSA-p6qr-286g-79rv

Blast Radius: 1.0

Affected Packages