CVE-2019-1003038
published 2019-03-08CVE-2019-1003038: An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | appdynamics_dashboard_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | azure_vm_in_azure_vm_agents_plugin | — | — |
| jenkins | bitbar_run-in-cloud_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | deploy_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | groovy_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | — | — |
| jenkins | job_dsl_plugin | — | — |
| jenkins | matrix_project_plugin | — | — |
| jenkins | rabbit-mq_publisher_plugin | — | — |
| jenkins | rabbitmq_in_rabbit-mq_publisher_plugin | — | — |
| jenkins | repository_connector | <= 1.2.4 | — |
| jenkins | repository_connector_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins_project | jenkins_repository_connector_plugin | — | — |