6.5

CVE-2019-1003089

Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsUpload To Pgyer SwPlatformjenkins Version <= 1.31
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.23% 0.649
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

http://www.openwall.com/lists/oss-security/2019/04/12/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/107790
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
Vendor Advisory