CVE-2018-1000424
Summary
| CVE | CVE-2018-1000424 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2019-01-09 23:29:00 UTC |
|---|
| Updated | 2020-08-24 17:37:00 UTC |
|---|
| Description | An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin. |
|---|
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|
| Application |
Jfrog |
Artifactory |
All |
All |
All |
All |
References
| Reference | Source | Link | Tags |
|---|
| Jenkins Multiple Security Vulnerabilities |
BID |
www.securityfocus.com |
Third Party Advisory, VDB Entry |
| Jenkins Security Advisory 2018-09-25 |
CONFIRM |
jenkins.io |
Vendor Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 997290 Java (Maven) Security Update for org.jenkins-ci.plugins:artifactory (GHSA-cvh8-9j4x-5v4j)
