CVE-2019-1003066
Description
Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file, allowing users with filesystem access to view them.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file, allowing users with filesystem access to view them.
Vulnerability
The Jenkins Bugzilla Plugin stores credentials in plain text in its global configuration file on the Jenkins master. Users with access to the master file system can view these credentials. All versions of the plugin prior to the fix released in the Jenkins Security Advisory 2019-04-03 are affected. [1]
Exploitation
An attacker with access to the Jenkins master file system (e.g., via SSH or Jenkins script console) can read the configuration file and obtain stored credentials. No authentication or user interaction is required beyond filesystem access. [1][2]
Impact
An attacker can obtain plaintext credentials (e.g., Bugzilla API tokens or passwords) used by the plugin, leading to unauthorized access to the Bugzilla instance. This compromises confidentiality and may enable further attacks.
Mitigation
The Jenkins Security Advisory 2019-04-03 addresses this vulnerability. Users should upgrade the Bugzilla Plugin to the latest version. The specific fixed version is not detailed in the available references. [1]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jvnet.hudson.plugins:bugzillaMaven | <= 1.5 | — |
Affected products
2- Range: all versions as of 2019-04-03
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-rpx6-hp2h-gww4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1003066ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/04/12/2ghsamailing-listx_refsource_MLISTWEB
- www.securityfocus.com/bid/107790mitrevdb-entryx_refsource_BID
- jenkins.io/security/advisory/2019-04-03/ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.