CVE-2018-1000424

Insufficiently Protected Credentials in maven/org.jenkins-ci.plugins/artifactory

Identifiers

GHSA-cvh8-9j4x-5v4j, CVE-2018-1000424

Package Slug

maven/org.jenkins-ci.plugins/artifactory

Vulnerability

Insufficiently Protected Credentials

Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Affected Versions

All versions before 2.16.2

Solution

Upgrade to version 2.16.2 or above.

Last Modified

2024-01-31

source