BIT-artifactory-2020-2164

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/artifactory/BIT-artifactory-2020-2164.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-artifactory-2020-2164
Aliases
Published
2024-03-06T10:53:12.876Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory server password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.

Database specific
{
    "cpes": [
        "cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:jenkins:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / artifactory

Package

Name
artifactory
Purl
pkg:bitnami/artifactory

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.1