CVE-2019-1003063

HIGH

Jenkins Amazon SNS Build Notifier Plugin - Info Disclosure

Title source: llm

Description

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107790

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/12/2

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-03/#SECURITY-832

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

jenkins/amazon_sns_build_notifier

org.jenkins-ci.plugins/snsnotify 0 - 2.37Maven

Published Apr 04, 2019

Tracked Since Feb 18, 2026