CVE-2018-1000424

Name of the Vulnerable Software and Affected Versions Jenkins Artifactory Plugin versions 2.16.1 and earlier

Description An issue exists where credentials are not sufficiently protected, allowing attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. This issue is related to the ArtifactoryBuilder.java and CredentialsConfig.java files.

Recommendations For Jenkins Artifactory Plugin versions 2.16.1 and earlier, consider restricting access to the ArtifactoryBuilder.java and CredentialsConfig.java files as a temporary workaround until a patch is available. Additionally, review and update credential configurations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.