Sensitive Information Exposure in Jenkins Job Import Plugin
CVE-2019-1003016
8.8HIGH
What is CVE-2019-1003016?
The Jenkins Job Import Plugin prior to version 2.1 contains a vulnerability that enables an attacker with Overall/Read permissions to connect Jenkins to a maliciously crafted URL. This is achieved by leveraging attacker-specified credential IDs, which could be obtained through various means. Such an exploit could lead to the unintended disclosure of sensitive credentials stored within Jenkins, posing significant security risks to affected installations.
Affected Version(s)
Jenkins Job Import Plugin 2.1 and earlier