CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1003067

HIGH
8.8
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile33.54th
PublishedApr 4, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Trac Publisher

All versions

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2019/04/12/2
πŸ”— http://www.securityfocus.com/bid/107790
πŸ”— https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842
πŸ”— http://www.openwall.com/lists/oss-security/2019/04/12/2
πŸ”— http://www.securityfocus.com/bid/107790
πŸ”— https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842

Related Vulnerabilities

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...