Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-41u3-f218-zfcj
Summary
Missing Encryption of Sensitive Data
Jenkins Upload to pgyer Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Aliases
0
alias CVE-2019-1003089
1
alias GHSA-wchh-wvpx-pf47
Fixed_packages
0
url pkg:maven/ren.helloworld/upload-pgyer@1.33
purl pkg:maven/ren.helloworld/upload-pgyer@1.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ren.helloworld/upload-pgyer@1.33
Affected_packages
0
url pkg:maven/ren.helloworld/upload-pgyer@1.32
purl pkg:maven/ren.helloworld/upload-pgyer@1.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41u3-f218-zfcj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/ren.helloworld/upload-pgyer@1.32
References
0
reference_url https://github.com/jenkinsci/upload-pgyer-plugin/commit/af4e89754c31a0d71b98d3f360088e8dae36a313
reference_id
reference_type
scores
url https://github.com/jenkinsci/upload-pgyer-plugin/commit/af4e89754c31a0d71b98d3f360088e8dae36a313
1
reference_url https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1044
2
reference_url http://www.openwall.com/lists/oss-security/2019/04/12/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/12/2
3
reference_url http://www.securityfocus.com/bid/107790
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/107790
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1003089
reference_id CVE-2019-1003089
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-1003089
5
reference_url https://github.com/advisories/GHSA-wchh-wvpx-pf47
reference_id GHSA-wchh-wvpx-pf47
reference_type
scores
url https://github.com/advisories/GHSA-wchh-wvpx-pf47
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 311
name Missing Encryption of Sensitive Data
description The product does not encrypt sensitive or critical information before storage or transmission.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-41u3-f218-zfcj