An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-3796 An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Github GHSA Github GHSA GHSA-fjh2-qhfh-rvfc Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-16T17:07:55.145Z

Reserved: 2018-08-01T00:00:00Z

Link: CVE-2018-1999030

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-01T13:29:00.607

Modified: 2024-11-21T03:57:05.600

Link: CVE-2018-1999030

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.