CVE-2019-16557 – com.redgate.plugins.redgatesqlci:redgate-sql-ci

Package

Manager: maven
Name: com.redgate.plugins.redgatesqlci:redgate-sql-ci
Vulnerable Version: >=0 <2.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00047 pctl0.14135

Details

Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Metadata

Created: 2022-05-24T17:03:47Z
Modified: 2023-10-26T20:48:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hpq-528p-48j3/GHSA-9hpq-528p-48j3.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-9hpq-528p-48j3
Finding: F035
Auto approve: 1