Credential Storage Vulnerability in Jenkins CloudShare Docker-Machine Plugin
CVE-2019-1003065
8.8HIGH
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 4 April 2019
What is CVE-2019-1003065?
The Jenkins CloudShare Docker-Machine Plugin has a vulnerability where it stores user credentials in an unencrypted format within its global configuration file on the Jenkins master. This insecure storage mechanism allows users with access to the master file system to read sensitive credentials, potentially leading to unauthorized access and data breaches. Administrators should take immediate steps to secure their Jenkins instances and audit access to the configuration files.
Affected Version(s)
Jenkins CloudShare Docker-Machine Plugin all versions as of 2019-04-03