1. Home
  2. Vulnerabilities
  3. CVE-2018-1000424

CVE-2018-1000424

CVSS v3.0 7.8 (High)
78% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Weaknesses
CWE-522
Insufficiently Protected Credentials
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-01-09 23:29:02
(5 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products

Jfrog

Configuration #1

    CPE23 From Up To
  Jfrog Artifactory for Jenkins 2.16.1 and prior versions cpe:2.3:a:jfrog:artifactory::*:*:*:*:jenkins <= 2.16.1