CVE-2019-1003096
MEDIUMJenkins TestFairy Plugin - Info Disclosure
Title source: llmDescription
Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (2)
jenkins/testfairy
< 4.16
org.jenkins-ci.plugins/TestFairy
< 4.17.2Maven
Timeline
Published
Apr 04, 2019
Tracked Since
Feb 18, 2026