HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-1003060

CVSS 8.8v3.1pub. 2019-04-04upd. 2024-11-21

Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Jenkins Official Owasp Zap

    APP
    Jenkins
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
CI/CD
CWE
References

Related vulnerabilities

CVE-2026-57301HIGH8.8ten sam produkt

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the...

CVE-2024-23897CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Jenkins CLI – odczyt dowolnych plików przez path traversal bez uwierzytelnienia

CVE-2019-1003030CRITICAL9.9⚠ KEVten sam vendor

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...

CVE-2019-1003029CRITICAL9.9⚠ KEVten sam vendor

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...

CVE-2018-1000861CRITICAL9.8⚠ KEVten sam vendor

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.13...