CVE-2019-1003054

HIGH

Jenkins Jira Issue Updater Plugin - Info Disclosure

Title source: llm

Description

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107790

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/12/2

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-03/#SECURITY-837

Scores

CVSS v3 8.8

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

info.bluefloyd.jenkins/jenkins-jira-issue-updater 0Maven

jenkins/jira_issue_updater

Published Apr 04, 2019

Tracked Since Feb 18, 2026