CVE-2018-1000424

HIGH

Jenkins Artifactory Plugin <2.16.1 - Info Disclosure

Title source: llm

Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

References (2)

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 12.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (2)

jfrog/artifactory < 2.16.1
org.jenkins-ci.plugins/artifactory < 2.16.2Maven

Timeline

Published Jan 09, 2019
Tracked Since Feb 18, 2026