Home

CVE-2019-1003070

Description

Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.081

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-1003070 are affected in Jenkins - veracode-scanner 1.6Windows
Vulnerabilities CVE-2019-1003070 are affected in Jenkins - veracode-scanner for Linux 1.6Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234