CVE-2019-1003052: Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
CVSS Score: 3.3 (CVSS 3.0)
Basic Information
CVE ID: CVE-2019-1003052
GHSA ID
EPSS Score: 0.24824%
CWE
Published: 5/13/2022
Updated: 10/26/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin | maven | <= 1.7.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from unencrypted credential storage in `AWSEBPublisher.xml`. Jenkins plugins typically use `Secret` or the Credentials API for sensitive data. The `save()` method would be responsible for serializing configuration data to disk, and `setCredentials()` would handle credential assignment. Both would need to lack encryption logic to cause plaintext storage. While exact implementation details aren't visible, these are the core methods involved in credential persistence, based on Jenkins plugin patterns and the described vulnerability mechanism.
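
An audit check for the condition described above, added here as an example and not taken from the plugin or from Jenkins: it walks a plugin configuration file and reports leaf values that are stored without the `{base64}` wrapper that current Jenkins versions write for `Secret` fields. The element names in the sample XML are hypothetical, since the page does not show the real layout of `AWSEBPublisher.xml`, and the sample values are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element names are hypothetical, not the plugin's real schema.
SAMPLE_XML = """<?xml version='1.1' encoding='UTF-8'?>
<publisherConfig>
  <credentials>
    <entry>
      <name>deploy</name>
      <accessId>AKIAEXAMPLEEXAMPLE00</accessId>
      <awsSecretKey>constructedPlaintextSecretValue0000000000</awsSecretKey>
    </entry>
    <entry>
      <name>encrypted</name>
      <awsSecretKey>{AQAAABAAAAAwQ29uc3RydWN0ZWRTYW1wbGVPbmx5}</awsSecretKey>
    </entry>
  </credentials>
</publisherConfig>
"""

SENSITIVE_TAG = re.compile(r"secret|password|passwd|token|accesskey|credential", re.I)
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Assumption: encrypted Secret values appear as "{<base64>}"; older bare-base64
# values would be reported here and need manual review.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/]+={0,2}\}$")
# Jenkins writes an XML 1.1 declaration, which expat rejects, so drop it first.
XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")

def find_plaintext_secrets(xml_text):
    """Return (element path, reason) for each leaf that looks like a cleartext secret."""
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        children = list(elem)
        value = (elem.text or "").strip()
        if not children and value and not ENCRYPTED_SECRET.match(value):
            if SENSITIVE_TAG.search(elem.tag):
                findings.append((here, "sensitive element holds unencrypted text"))
            elif ACCESS_KEY_ID.search(value):
                findings.append((here, "value looks like an AWS access key ID"))
        for child in children:
            walk(child, here)

    walk(ET.fromstring(XML_DECL.sub("", xml_text, count=1)), "")
    return findings
```
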