CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1003038
https://notcve.org/view.php?id=CVE-2019-1003038
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration. Una vulnerabilidad de credenciales protegidas de manera insuficiente en el plugin de Jenkins Repository Connector, en versiones 1.2.4 y anteriores, en src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java y src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java que permite a un atacante con acceso al sistema de archivos local o con control de un navegador del administrador de Jenkins (p.ej. una extensión maliciosa) recuperar la contraseña almacenada en la configuración del plugin. • http://www.securityfocus.com/bid/107476 https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958 • CWE-522: Insufficiently Protected Credentials •