CVE-2019-1003097 – com.ds.tools.hudson:crowd
Package
Manager: maven
Name: com.ds.tools.hudson:crowd
Vulnerable Version: >=0 <=1.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00111 (percentile 0.30205)
Details
Jenkins Crowd Integration Plugin stores credentials in plain text
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master, where they can be viewed by users with access to the master file system.
Metadata
Created: 2022-05-13T01:25:16Z
Modified: 2024-01-30T21:53:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r5jr-82x4-r6j7/GHSA-r5jr-82x4-r6j7.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-r5jr-82x4-r6j7
Finding: F035
Auto approve: 1