CVE-2019-1003096

Insufficiently Protected Credentials in maven/org.jenkins-ci.plugins/TestFairy

Identifiers

GHSA-ffv8-x822-fx73, CVE-2019-1003096

Package Slug

maven/org.jenkins-ci.plugins/TestFairy

Vulnerability

Insufficiently Protected Credentials

Description

Jenkins TestFairy Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Affected Versions

All versions up to 4.16

Solution

Upgrade to version 4.17.2 or above.

Last Modified

2024-01-31

source