Credential Storage Vulnerability in Jenkins Perfecto Mobile Plugin
CVE-2019-1003095

6.5MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Perfecto Mobile Plugin
Vendor
CVE Published:
4 April 2019

What is CVE-2019-1003095?

The Jenkins Perfecto Mobile Plugin has a security flaw that leads to the storage of user credentials in an unencrypted format within its global configuration file on the Jenkins master. This vulnerability allows users with access to the Jenkins master file system to view sensitive credentials, posing a significant risk of unauthorized access and potential exploitation.

Affected Version(s)

Jenkins Perfecto Mobile Plugin all versions as of 2019-04-03

References

http://www.securityfocus.com/bid/107790
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2019/04/12/2
mailing-listx_refsource_MLIST
https://jenkins.io/security/advisory/2019-04-03/#SECURITY...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.