CVE-2019-1003057

HIGH

Jenkins Bitbucket Approve Plugin - Info Disclosure

Title source: llm

Description

Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107790

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/12/2

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

jenkins/bitbucket_approve

org.jenkins-ci.plugins/bitbucket-approve 0Maven

Published Apr 04, 2019

Tracked Since Feb 18, 2026