{"id":"CVE-2019-1003038","details":"An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration.","aliases":["GHSA-99jc-v8pq-6qm4"],"modified":"2026-04-10T04:08:32.960477Z","published":"2019-03-08T21:29:00.640Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/107476"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/repository-connector-plugin","events":[{"introduced":"0"},{"last_affected":"f50e55bbe2e9604fc6674f27e933163300e56788"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.4"}]}}],"versions":["repository-connector-0.6.1","repository-connector-0.7.0","repository-connector-0.8.0","repository-connector-0.8.2","repository-connector-1.0.0","repository-connector-1.0.1","repository-connector-1.1.0","repository-connector-1.1.1","repository-connector-1.1.2","repository-connector-1.1.3","repository-connector-1.2.0","repository-connector-1.2.1","repository-connector-1.2.2","repository-connector-1.2.3","repository-connector-1.2.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1003038.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}