CVE-2019-1003055

HIGH

Jenkins FTP Publisher < - Info Disclosure

Title source: llm

Description

Jenkins FTP publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107790

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/12/2

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-03/#SECURITY-954

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

jenkins/ftp_publisher

org.jvnet.hudson.plugins/ftppublisher 0Maven

Published Apr 04, 2019

Tracked Since Feb 18, 2026