1. Home
  2. Vulnerabilities
  3. CVE-2019-1003064

CVE-2019-1003064

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.24 % (65th)
0.24% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Weaknesses
CWE-311
Missing Encryption of Sensitive Data
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2019-04-04 16:29:00
(5 years ago)
Updated Date
2023-10-25 18:16:05
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Aws-device-farm for Jenkins cpe:2.3:a:jenkins:aws-device-farm::*:*:*:*:jenkins