PT-2018-15209 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin+1

Viktor Gazdag

Published

2018-08-01

Updated

2022-05-13

CVE-2018-1999030

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.3.1 and earlier

Description A sensitive information exposure issue exists, allowing attackers to capture credentials with a known credentials ID stored in Jenkins. This issue is related to the ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, and Nexus3ChoiceListProvider.java files.

Recommendations For Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin versions 1.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-1999030

GHSA-FJH2-QHFH-RVFC

Affected Products

Jenkins

Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin

PT-2018-15209 · Jenkins · Jenkins Maven Artifact Choicelistprovider (Nexus) Plugin+1

CVE-2018-1999030

Weakness Enumeration

Related Identifiers

Affected Products

References · 8