Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.plugins/bitbucket-approve@1.0.3

Type maven

Namespace org.jenkins-ci.plugins

Name bitbucket-approve

Version 1.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-b2s8-gz4d-xqgj

vulnerability_id VCID-b2s8-gz4d-xqgj

summary

Missing Encryption of Sensitive Data
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

references

reference_url	https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965
reference_id
reference_type
scores
url	https://jenkins.io/security/advisory/2019-04-03/#SECURITY-965

reference_url	http://www.openwall.com/lists/oss-security/2019/04/12/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2019/04/12/2

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-1003057
reference_id	CVE-2019-1003057
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-1003057

reference_url	https://github.com/advisories/GHSA-4cxr-4vwc-6pg7
reference_id	GHSA-4cxr-4vwc-6pg7
reference_type
scores
url	https://github.com/advisories/GHSA-4cxr-4vwc-6pg7

fixed_packages

aliases CVE-2019-1003057, GHSA-4cxr-4vwc-6pg7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2s8-gz4d-xqgj

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.plugins/bitbucket-approve@1.0.3

Package Instance