#VU18069 Cleartext storage of sensitive information in ECS publisher

 

Published: March 25, 2019


Vulnerability identifier: #VU18069
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
ECS publisher
Software vendor:
Jenkins

Description

The disclosed vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the application stores the API token unencrypted in jobs' config.xml files and in its global configuration file on the Jenkins master. A user with Extended Read permission or access to the master file system can obtain the API token.
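
A defender's check for the condition described above, as an added example that is not part of the advisory or the plugin's code: it walks a Jenkins home directory and reports token-like XML elements whose value is not in the brace-wrapped base64 form Jenkins uses for encrypted secrets. The element-name heuristic (`token`), the sample file names and the sample values are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Jenkins writes an encrypted Secret as base64 wrapped in braces.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")
# Assumption: the token sits in an element whose name contains "token".
SUSPECT_TAG = re.compile(r"token", re.IGNORECASE)
# Jenkins may declare XML 1.1, which Python's expat parser rejects.
XML11_DECL = re.compile(rb"^(<\?xml\s+version=['\"])1\.1")


def find_cleartext_tokens(jenkins_home):
    """Return sorted (relative path, tag) pairs for unencrypted token-like elements."""
    findings = []
    for root, _dirs, files in os.walk(jenkins_home):
        for name in files:
            if not name.endswith(".xml"):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = XML11_DECL.sub(rb"\g<1>1.0", fh.read(), count=1)
            try:
                doc = ET.fromstring(data)
            except ET.ParseError:
                continue  # not well-formed XML; nothing to inspect
            for elem in doc.iter():
                value = (elem.text or "").strip()
                if value and SUSPECT_TAG.search(elem.tag) and not ENCRYPTED.match(value):
                    findings.append((os.path.relpath(path, jenkins_home), elem.tag))
    return sorted(findings)


def build_sample_home(base):
    """Constructed sample layout; file and element names are hypothetical."""
    job_dir = os.path.join(base, "jobs", "demo")
    os.makedirs(job_dir)
    decl = "<?xml version='1.1' encoding='UTF-8'?>\n"
    with open(os.path.join(job_dir, "config.xml"), "w") as fh:
        fh.write(decl + "<project><apiToken>CONSTRUCTED-PLAINTEXT</apiToken></project>")
    with open(os.path.join(base, "example.global.xml"), "w") as fh:
        fh.write(decl + "<cfg><apiToken>{AQAAABAAAAAQY29uc3RydWN0ZWQ=}</apiToken></cfg>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample_home(home)
        for rel_path, tag in find_cleartext_tokens(home):
            print(f"cleartext value in <{tag}>: {rel_path}")
```

The function reports only the file and element name, never the value, so its output can be shared in a ticket without leaking the token.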


Remediation

Install updates from the vendor's website.
