CVE-2018-1000424
published 2019-01-09

Priority: P337 · high · 7.8 · CVSS 3.0
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% (25.1th percentile)
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Affected

34 ranges · showing 25

Vendor   Product                                                 Version range   Fixed in
jenkins  arachni_scanner_plugin
jenkins  argus_notifier_plugin
jenkins  artifactory_plugin
jenkins  chatter_notifier_plugin
jenkins  config_file_provider_plugin
jenkins  credentials_plugin
jenkins  crowd_2_integration_plugin
jenkins  dimensions_plugin
jenkins  email_extension_template_plugin
jenkins  git_changelog_plugin
jenkins  hipchat_plugin
jenkins  ids_in_argus_notifier_plugin
jenkins  ids_in_chatter_notifier_plugin
jenkins  ids_in_hipchat_plugin
jenkins  ids_in_mesos_plugin
jenkins  ids_to_allow_administrators_configuring_the_plugin
jenkins  ids_to_allow_users_configuring_the_plugin
jenkins  javamelody_library_bundled_in_monitoring_plugin
jenkins  jira_plugin
jenkins  job_config_history_plugin
jenkins  job_configuration_history_plugin
jenkins  junit_plugin
jenkins  mesos_cloud_plugin
jenkins  mesos_plugin
jenkins  metadata_plugin

CVSS provenance

nvd  v3.0  7.8  HIGH  CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  2.1  LOW   AV:L/AC:L/Au:N/C:P/I:N/A:N