Credential Storage Vulnerability in Jenkins CloudShare Docker-Machine Plugin
CVE-2019-1003065
8.8HIGH
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 4 April 2019
Summary
The Jenkins CloudShare Docker-Machine Plugin has a vulnerability where it stores user credentials in an unencrypted format within its global configuration file on the Jenkins master. This insecure storage mechanism allows users with access to the master file system to read sensitive credentials, potentially leading to unauthorized access and data breaches. Administrators should take immediate steps to secure their Jenkins instances and audit access to the configuration files.
Affected Version(s)
Jenkins CloudShare Docker-Machine Plugin all versions as of 2019-04-03
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved