Required CVE Record Information
Description
Jenkins Twitter Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- openwall.com: [oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred
- securityfocus.com: 108159 vdb-entryx_transferred
- https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1143 x_transferred