3.3

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-1003063

CVE-2019-1003063: Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text

Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.snsnotify.AmazonSNSNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2019-1003063

CVE-2019-1003063:

3.3

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:snsnotify	maven	< 2.37	2.37

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from handling AWS secrets as plain strings rather than using Jenkins' credential management system. The commit diff shows:

The secret key field type changed from String to Secret
The getter/setter methods were modified to handle Secret type
Previous implementation stored credentials in org.jenkinsci.plugins.snsnotify.AmazonSNSNotifier.xml unencrypted
The CWE-311 directly points to missing encryption of sensitive data in these credential handling functions

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2019-1003063: Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text

CVE-2019-1003063:

3.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2019-1003063: Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text

3.3

3.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI