Design/Logic Flaw

2019-01-0923:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

CPENameOperatorVersion
artifactoryle2.16.1

CPE	Name	Operator	Version
	artifactory	le	2.16.1

References

www.securityfocus.com/bid/106532

jenkins.io/security/advisory/2018-09-25/