CVE-2019-1003053 – org.jenkins-ci.plugins:hockeyapp

Package

Manager: maven
Name: org.jenkins-ci.plugins:hockeyapp
Vulnerable Version: >=0 <=1.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00112 pctl0.30357

Details

Jenkins HockeyApp Plugin stores credentials in plain text Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Metadata

Created: 2022-05-13T01:17:45Z
Modified: 2024-01-30T21:43:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-45fr-w365-f7pm/GHSA-45fr-w365-f7pm.json
CWE IDs: ["CWE-311"]
Alternative ID: GHSA-45fr-w365-f7pm
Finding: F020
Auto approve: 1