CVE-2019-1003038

2019-03-0821:29:00

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator’s web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.

CPENameOperatorVersion
repository-connector-plugineqrepository-connector-0.7.0
repository-connector-plugineqrepository-connector-1.2.2
repository-connector-plugineqrepository-connector-1.2.1
repository-connector-plugineqrepository-connector-1.0.0
repository-connector-plugineqrepository-connector-0.8.2
repository-connector-plugineqrepository-connector-1.2.3
repository-connector-plugineqrepository-connector-1.2.0
repository-connector-plugineqrepository-connector-0.6.1
repository-connector-plugineqrepository-connector-1.1.3
repository-connector-plugineqrepository-connector-1.1.0

Name	Operator	Version
repository-connector-plugin	eq	repository-connector-0.7.0
repository-connector-plugin	eq	repository-connector-1.2.2
repository-connector-plugin	eq	repository-connector-1.2.1
repository-connector-plugin	eq	repository-connector-1.0.0
repository-connector-plugin	eq	repository-connector-0.8.2
repository-connector-plugin	eq	repository-connector-1.2.3
repository-connector-plugin	eq	repository-connector-1.2.0
repository-connector-plugin	eq	repository-connector-0.6.1
repository-connector-plugin	eq	repository-connector-1.1.3
repository-connector-plugin	eq	repository-connector-1.1.0