CVE-2018-1000424

HIGH7.8EPSS 0.04%

Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk

Published: 5/13/2022Modified: 2/16/2024

Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Affected packages (1)

Maven/org.jenkins-ci.plugins:artifactoryfrom 0, < 2.16.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000424
WEBhttps://jenkins.io/security/advisory/2018-09-25/#SECURITY-265
WEBhttp://www.securityfocus.com/bid/106532