CVE-2019-1003038

Summary

An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Repository Connector Plugin1.2.4 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References