PT-2019-14727 · Jenkins · Jenkins Weibo Plugin+1

Viktor Gazdag

Publicado

2019-12-17

Atualizado

2024-08-09

CVE-2019-16572

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Weibo Plugin versions 1.0.1 and earlier

Description The issue allows credentials to be stored unencrypted in the global configuration file on the Jenkins master. This can be viewed by users with access to the master file system.

Recommendations For Jenkins Weibo Plugin versions 1.0.1 and earlier, consider restricting access to the master file system to minimize the risk of credential exposure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-1024CWE-256

Identificadores relacionados

CVE-2019-16572

GHSA-5C97-GXR3-R368

Produtos afetados

Jenkins

Jenkins Weibo Plugin

PT-2019-14727 · Jenkins · Jenkins Weibo Plugin+1

CVE-2019-16572

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6