All the vulnerabilites related to Jenkins project - Jenkins jenkins-cloudformation-plugin Plugin
cve-2019-1003061
Vulnerability from cvelistv5
Published
2019-04-04 15:38
Modified
2024-08-05 03:07
Severity ?
Summary
Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
References
http://www.securityfocus.com/bid/107790vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2019/04/12/2mailing-list, x_refsource_MLIST
https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:07:17.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107790",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107790"
          },
          {
            "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins jenkins-cloudformation-plugin Plugin",
          "vendor": "Jenkins project",
          "versions": [
            {
              "status": "affected",
              "version": "all versions as of 2019-04-03"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T16:45:42.112Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "name": "107790",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107790"
        },
        {
          "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2019-1003061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins jenkins-cloudformation-plugin Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions as of 2019-04-03"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-256"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107790",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107790"
            },
            {
              "name": "[oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/04/12/2"
            },
            {
              "name": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042",
              "refsource": "CONFIRM",
              "url": "https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1042"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2019-1003061",
    "datePublished": "2019-04-04T15:38:48",
    "dateReserved": "2019-04-03T00:00:00",
    "dateUpdated": "2024-08-05T03:07:17.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}