#VU17922 Cleartext storage of sensitive information in AppDynamics Dashboard
Published: March 7, 2019
Vulnerability identifier: #VU17922
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AppDynamics Dashboard
AppDynamics Dashboard
Software vendor:
Jenkins
Jenkins
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the AppDynamics Dashboard Plugin stores username and password in its configuration unencrypted in jobs'
config.xml files on the Jenkins master. A local user can view credentials of other users.
Remediation
Install update from vendor's website.