CVE-2018-1000104
published 2018-03-13
high 7.8 CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_slave_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | coverity | <= 1.10.0 | — |
| jenkins | coverity_plugin | — | — |
| jenkins | cppncss_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | envinject_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | google_play_android_publisher_plugin | — | — |
| jenkins | ids_in_google_play_android_publisher_plugin | — | — |
| jenkins | improper_access_control_in_gerrit_trigger_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | testlink_plugin | — | — |
| jenkins | url_in_git_plugin | — | — |
| jenkins | url_in_mercurial_plugin | — | — |
| jenkins | url_in_subversion_plugin | — | — |
| jenkins | you_have_ever_used_environment_injector_plugin | — | — |