Main Vulnerability Database Vulnerabilities #VU17922

Cleartext storage of sensitive information in AppDynamics Dashboard - #VU17922

Published: March 7, 2019

Vulnerability identifier: #VU17922

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Jenkins

Affected software:
AppDynamics Dashboard

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the AppDynamics Dashboard Plugin stores username and password in its configuration unencrypted in jobs' config.xml files on the Jenkins master. A local user can view credentials of other users.

Remediation

Install update from vendor's website.

Sources

https://jenkins.io/security/advisory/2019-03-06

Cleartext storage of sensitive information in AppDynamics Dashboard - #VU17922

Detailed vulnerability description

Remediation

Sources

Please verify you're human