CVE-2019-1003064

HIGH

Jenkins aws-device-farm - Info Disclosure

Title source: llm

Description

Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/107790

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2019/04/12/2

[Vendor Advisory] https://jenkins.io/security/advisory/2019-04-03/#SECURITY-835

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-311

Status published

Products (2)

jenkins/aws-device-farm

org.jenkins-ci.plugins/aws-device-farm 0 - 1.26Maven

Published Apr 04, 2019

Tracked Since Feb 18, 2026