CVE-2018-1000424

HIGH7.8EPSS 0.04%

Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk

發布日:2022/5/13修改日:2024/2/16

描述

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

受影響套件(1)

Maven/org.jenkins-ci.plugins:artifactoryfrom 0, < 2.16.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000424
WEBhttps://jenkins.io/security/advisory/2018-09-25/#SECURITY-265
WEBhttp://www.securityfocus.com/bid/106532