CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Jenkins crittercism-dsym for Jenkins

Titles listed in dictionary

CPE for product: cpe:2.3:a:jenkins:crittercism-dsym:-:*:*:*:*:jenkins:*:*

Showing 1-1 of 1
Maximal damage 8.8
Easy to exploit
(other affected products) Published: Thu Apr 4 16:29:00 2019 UTC. Last Modified: Fri Oct 2 14:46:00 2020 UTC
CPE matches: cpe:2.3:a:jenkins:crittercism-dsym:*:*:*:*:*:jenkins:*:*


Jenkins crittercism-dsym Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.


Attack conditions

Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (CVSSv3)

Type of bug(s)