CVE-2019-1003075

CWE-3115 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 76.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins Audit TO Database Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

ā–¶CVEListV5jenkins_project/jenkins_audit_to_database_pluginall versions as of 2019-04-03

šŸ”“Vulnerability Details

3
OSV
Jenkins Audit to Database Plugin stores credentials in plain textā†—2022-05-13
ā–¶
GHSA
Jenkins Audit to Database Plugin stores credentials in plain textā†—2022-05-13
ā–¶
CVEList
CVE-2019-1003075: Jenkins Audit to Database Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by useā†—2019-04-04
ā–¶

šŸ“‹Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-03ā†—2019-04-03
ā–¶
CVE-2019-1003075 (HIGH CVSS 8.8) | Jenkins Audit to Database Plugin st | cvebase.io