CVE-2018-1000424Insufficiently Protected Credentials in Artifactory

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jfrog Artifactory
Timeline
PublishedJan 9
Latest updateMay 13

Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDjfrog/artifactory2.16.1

🔴Vulnerability Details

3
OSV
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk2022-05-13
GHSA
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk2022-05-13
CVEList
CVE-2018-1000424: An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 22019-01-09

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-09-252018-09-25
CVE-2018-1000424 — Insufficiently Protected Credentials | cvebase