CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-1003066

HIGH
8.8
CVSS Severity Score
EPSS Score0.1510%
EPSS Percentile22.39th
Published2019年4月4日
Last Modified2024年11月21日

Vulnerability Description

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Affected Platforms (CPE)

📦
Jenkins

Bugzilla

All versions

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2019/04/12/2
🔗 http://www.securityfocus.com/bid/107790
🔗 https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841
🔗 http://www.openwall.com/lists/oss-security/2019/04/12/2
🔗 http://www.securityfocus.com/bid/107790
🔗 https://jenkins.io/security/advisory/2019-04-03/#SECURITY-841

関連する脆弱性情報

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2018-51238.8

A third party website can access information available to a user with access to a restricted bug entry using the image generation ...