CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Jenkins Call Remote Job 1.0.18 for Jenkins

Titles listed in dictionary

CPE for product: cpe:2.3:a:jenkins:call_remote_job:1.0.18:*:*:*:*:jenkins:*:*

Showing 1-1 of 1
Medium damage 6.5
Easy to exploit
(other affected products) Published: Wed Sep 25 16:15:00 2019 UTC. Last Modified: Wed Oct 9 23:44:00 2019 UTC
CPE matches: cpe:2.3:a:jenkins:call_remote_job:*:*:*:*:*:jenkins:*:* && versionEndIncluding=1.0.21

Description

Jenkins Call Remote Job Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Damage

Attack conditions

Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (CVSSv3)

Type of bug(s)

References