Vulnerability Details CVE-2019-1003038
An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
Products affected by CVE-2019-1003038
-
cpe:2.3:a:jenkins:repository_connector:0.5
-
cpe:2.3:a:jenkins:repository_connector:0.6
-
cpe:2.3:a:jenkins:repository_connector:0.6.1
-
cpe:2.3:a:jenkins:repository_connector:0.7.0
-
cpe:2.3:a:jenkins:repository_connector:0.8.0
-
cpe:2.3:a:jenkins:repository_connector:0.8.1
-
cpe:2.3:a:jenkins:repository_connector:0.8.2
-
cpe:2.3:a:jenkins:repository_connector:1.0.0
-
cpe:2.3:a:jenkins:repository_connector:1.0.1
-
cpe:2.3:a:jenkins:repository_connector:1.1.0
-
cpe:2.3:a:jenkins:repository_connector:1.1.1
-
cpe:2.3:a:jenkins:repository_connector:1.1.2
-
cpe:2.3:a:jenkins:repository_connector:1.1.3
-
cpe:2.3:a:jenkins:repository_connector:1.2.0
-
cpe:2.3:a:jenkins:repository_connector:1.2.1
-
cpe:2.3:a:jenkins:repository_connector:1.2.2
-
cpe:2.3:a:jenkins:repository_connector:1.2.3
-
cpe:2.3:a:jenkins:repository_connector:1.2.4