CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-1003067

HIGH
8.8
CVSS Severity Score
EPSS Score0.0850%
EPSS Percentile33.54th
Published2019年4月4日
Last Modified2024年11月21日

Vulnerability Description

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Affected Platforms (CPE)

📦
Jenkins

Trac Publisher

All versions

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2019/04/12/2
🔗 http://www.securityfocus.com/bid/107790
🔗 https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842
🔗 http://www.openwall.com/lists/oss-security/2019/04/12/2
🔗 http://www.securityfocus.com/bid/107790
🔗 https://jenkins.io/security/advisory/2019-04-03/#SECURITY-842

相關漏洞威脅

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...