Lucene search
JenkinsCVELIST:CVE-2019-1003038HistoryMar 08, 2019 - 9:00 p.m.
CVE-2019-1003038
2019-03-0821:00:00
jenkins
www.cve.org
0.0004 Low
EPSS
Percentile
5.1%
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
CNA Affected
[
{
"product": "Jenkins Repository Connector Plugin",
"vendor": "Jenkins project",
"versions": [
{
"status": "affected",
"version": "1.2.4 and earlier"
}
]
}
]Related
osv
osv
CVE-2019-1003038
2019-03-08 21:29:00
Jenkins Repository Connector Plugin has insufficiently protected credentials
2022-05-13 01:15:07
cve
cve
CVE-2019-1003038
2019-03-08 21:29:00
veracode
veracode
Information Disclosure
2019-03-11 08:42:53
github
github
Jenkins Repository Connector Plugin has insufficiently protected credentials
2022-05-13 01:15:07
prion
prion
Design/Logic Flaw
2019-03-08 21:29:00
nvd
nvd
CVE-2019-1003038
2019-03-08 21:29:00