CVE-2018-1999030

CVSS v3.0 5.4 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.05 % (22^th)

Affected Products 1

Advisories 2

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-08-01 13:29:00
(6 years ago)
Updated Date: 2019-10-03 00:03:26
(5 years ago)

Affected Products

Jenkins

Maven Artifact Choicelistprovider \(nexus\)

Configuration #1

		CPE23	From	Up To
	Jenkins Maven Artifact Choicelistprovider (nexus) for Jenkins 1.3.1 and prior versions	cpe:2.3:a:jenkins:maven_artifact_choicelistprovider_\%28nexus\%29::::::jenkins		<= 1.3.1