CVE-2019-10361

Опубликовано: 31 июл. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.

Ссылки

http://www.openwall.com/lists/oss-security/2019/07/31/1
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/07/31/1
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1435
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-835/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:m2release:*:*:*:*:*:jenkins:*:*

Версия до 0.14.0 (включая)

EPSS

Процентиль: 4%

0.00018

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-vwx8-qpqh-qwm9

CVSS3: 3.3

github

больше 3 лет назад

Jenkins Maven Release Plug-in Plugin stored credentials in plain text