Description
An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.
Remediation
References
Related Vulnerabilities
LimeSurvey Improper Input Validation Vulnerability (CVE-2019-15640)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)
WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.7)
WordPress Plugin Accept Donations with PayPal Cross-Site Request Forgery (1.3)