Vulnerability Details CVE-2018-1000424
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
Products affected by CVE-2018-1000424
-
cpe:2.3:a:jfrog:artifactory:1.0
-
cpe:2.3:a:jfrog:artifactory:1.0.1
-
cpe:2.3:a:jfrog:artifactory:1.0.2
-
cpe:2.3:a:jfrog:artifactory:1.0.3
-
cpe:2.3:a:jfrog:artifactory:1.0.4
-
cpe:2.3:a:jfrog:artifactory:1.0.5
-
cpe:2.3:a:jfrog:artifactory:1.0.6
-
cpe:2.3:a:jfrog:artifactory:1.0.7
-
cpe:2.3:a:jfrog:artifactory:1.1.0
-
cpe:2.3:a:jfrog:artifactory:1.2.0
-
cpe:2.3:a:jfrog:artifactory:1.3.0
-
cpe:2.3:a:jfrog:artifactory:1.3.1
-
cpe:2.3:a:jfrog:artifactory:1.3.2
-
cpe:2.3:a:jfrog:artifactory:1.3.3
-
cpe:2.3:a:jfrog:artifactory:1.3.4
-
cpe:2.3:a:jfrog:artifactory:1.3.5
-
cpe:2.3:a:jfrog:artifactory:1.3.6
-
cpe:2.3:a:jfrog:artifactory:1.4.0
-
cpe:2.3:a:jfrog:artifactory:1.4.1
-
cpe:2.3:a:jfrog:artifactory:1.4.2
-
cpe:2.3:a:jfrog:artifactory:1.4.3
-
cpe:2.3:a:jfrog:artifactory:1.4.4
-
cpe:2.3:a:jfrog:artifactory:2.0.0
-
cpe:2.3:a:jfrog:artifactory:2.0.1
-
cpe:2.3:a:jfrog:artifactory:2.0.2
-
cpe:2.3:a:jfrog:artifactory:2.0.3
-
cpe:2.3:a:jfrog:artifactory:2.0.4
-
cpe:2.3:a:jfrog:artifactory:2.0.5
-
cpe:2.3:a:jfrog:artifactory:2.0.6
-
cpe:2.3:a:jfrog:artifactory:2.0.7
-
cpe:2.3:a:jfrog:artifactory:2.0.8
-
cpe:2.3:a:jfrog:artifactory:2.0.9
-
cpe:2.3:a:jfrog:artifactory:2.1.0
-
cpe:2.3:a:jfrog:artifactory:2.1.1
-
cpe:2.3:a:jfrog:artifactory:2.1.2
-
cpe:2.3:a:jfrog:artifactory:2.1.3
-
cpe:2.3:a:jfrog:artifactory:2.1.4
-
cpe:2.3:a:jfrog:artifactory:2.1.5
-
cpe:2.3:a:jfrog:artifactory:2.1.6
-
cpe:2.3:a:jfrog:artifactory:2.1.7
-
cpe:2.3:a:jfrog:artifactory:2.1.8
-
cpe:2.3:a:jfrog:artifactory:2.10.0
-
cpe:2.3:a:jfrog:artifactory:2.10.1
-
cpe:2.3:a:jfrog:artifactory:2.10.2
-
cpe:2.3:a:jfrog:artifactory:2.10.3
-
cpe:2.3:a:jfrog:artifactory:2.10.4
-
cpe:2.3:a:jfrog:artifactory:2.11.0
-
cpe:2.3:a:jfrog:artifactory:2.12.0
-
cpe:2.3:a:jfrog:artifactory:2.12.1
-
cpe:2.3:a:jfrog:artifactory:2.12.2
-
cpe:2.3:a:jfrog:artifactory:2.13.0
-
cpe:2.3:a:jfrog:artifactory:2.13.1
-
cpe:2.3:a:jfrog:artifactory:2.14.0
-
cpe:2.3:a:jfrog:artifactory:2.15.0
-
cpe:2.3:a:jfrog:artifactory:2.15.1
-
cpe:2.3:a:jfrog:artifactory:2.16.0
-
cpe:2.3:a:jfrog:artifactory:2.16.1
-
cpe:2.3:a:jfrog:artifactory:2.2.0
-
cpe:2.3:a:jfrog:artifactory:2.2.1
-
cpe:2.3:a:jfrog:artifactory:2.2.2
-
cpe:2.3:a:jfrog:artifactory:2.2.3
-
cpe:2.3:a:jfrog:artifactory:2.2.4
-
cpe:2.3:a:jfrog:artifactory:2.2.5
-
cpe:2.3:a:jfrog:artifactory:2.2.6
-
cpe:2.3:a:jfrog:artifactory:2.2.7
-
cpe:2.3:a:jfrog:artifactory:2.2.7.1
-
cpe:2.3:a:jfrog:artifactory:2.2.7.1-snapshot
-
cpe:2.3:a:jfrog:artifactory:2.3.0
-
cpe:2.3:a:jfrog:artifactory:2.3.1
-
cpe:2.3:a:jfrog:artifactory:2.3.1-hap-624
-
cpe:2.3:a:jfrog:artifactory:2.4.0
-
cpe:2.3:a:jfrog:artifactory:2.4.1
-
cpe:2.3:a:jfrog:artifactory:2.4.2
-
cpe:2.3:a:jfrog:artifactory:2.4.4
-
cpe:2.3:a:jfrog:artifactory:2.4.5
-
cpe:2.3:a:jfrog:artifactory:2.4.6
-
cpe:2.3:a:jfrog:artifactory:2.4.7
-
cpe:2.3:a:jfrog:artifactory:2.5.0
-
cpe:2.3:a:jfrog:artifactory:2.5.1
-
cpe:2.3:a:jfrog:artifactory:2.6.0
-
cpe:2.3:a:jfrog:artifactory:2.7.0
-
cpe:2.3:a:jfrog:artifactory:2.7.1
-
cpe:2.3:a:jfrog:artifactory:2.7.2
-
cpe:2.3:a:jfrog:artifactory:2.8.0
-
cpe:2.3:a:jfrog:artifactory:2.8.1
-
cpe:2.3:a:jfrog:artifactory:2.8.2
-
cpe:2.3:a:jfrog:artifactory:2.9.0
-
cpe:2.3:a:jfrog:artifactory:2.9.1
-
cpe:2.3:a:jfrog:artifactory:2.9.2