CVE-2018-1000424

2019-01-0923:29:02

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

CPENameOperatorVersion
jenkins-artifactory-plugineqartifactory-2.13.1
jenkins-artifactory-plugineqartifactory-2.9.0
jenkins-artifactory-plugineqartifactory-2.2.4
jenkins-artifactory-plugineqartifactory-2.7.2
jenkins-artifactory-plugineqartifactory-2.0.6
jenkins-artifactory-plugineqartifactory-2.0.5
jenkins-artifactory-plugineqartifactory-2.0.0
jenkins-artifactory-plugineqartifactory-2.12.1
jenkins-artifactory-plugineqartifactory-2.13.0
jenkins-artifactory-plugineqartifactory-2.2.6

Name	Operator	Version
jenkins-artifactory-plugin	eq	artifactory-2.13.1
jenkins-artifactory-plugin	eq	artifactory-2.9.0
jenkins-artifactory-plugin	eq	artifactory-2.2.4
jenkins-artifactory-plugin	eq	artifactory-2.7.2
jenkins-artifactory-plugin	eq	artifactory-2.0.6
jenkins-artifactory-plugin	eq	artifactory-2.0.5
jenkins-artifactory-plugin	eq	artifactory-2.0.0
jenkins-artifactory-plugin	eq	artifactory-2.12.1
jenkins-artifactory-plugin	eq	artifactory-2.13.0
jenkins-artifactory-plugin	eq	artifactory-2.2.6