PT-2018-15209 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin+1

Viktor Gazdag

Publicado

2018-08-01

Atualizado

2022-05-13

CVE-2018-1999030

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.3.1 and earlier

Description A sensitive information exposure issue exists, allowing attackers to capture credentials with a known credentials ID stored in Jenkins. This issue is related to the ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, and Nexus3ChoiceListProvider.java files.

Recommendations For Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-1999030

GHSA-FJH2-QHFH-RVFC

Produtos afetados

Jenkins

Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin

PT-2018-15209 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin+1

CVE-2018-1999030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8