Описание
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.16.1 (включая)
cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
EPSS
Процентиль: 12%
0.0004
Низкий
7.8 High
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-522