CVE-2018-1000104

Severity CVSS v4.0:
Pending analysis
Type:
CWE-522 Insufficiently Protected Credentials
Publication date:
13/03/2018
Last modified:
03/10/2019

Description

A plaintext storage of a password vulnerability exists in Jenkins Coverity Plugin 1.10.0 and earlier in CIMInstance.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured keystore and private key passwords.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:jenkins:coverity:*:*:*:*:*:jenkins:*:* 1.10.0 (including)


References to Advisories, Solutions, and Tools