CyberSec.Space Logo
Back to CVE Browser

CVE-2019-1003066

HIGH
8.8
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile22.39th
PublishedApr 4, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Bugzilla

All versions

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2019/04/12/2
πŸ”— http://www.securityfocus.com/bid/107790
πŸ”— https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841
πŸ”— http://www.openwall.com/lists/oss-security/2019/04/12/2
πŸ”— http://www.securityfocus.com/bid/107790
πŸ”— https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841

Related Vulnerabilities

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...