CVE-2019-10411

Опубликовано: 25 сент. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Ссылки

http://www.openwall.com/lists/oss-security/2019/09/25/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1513
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/09/25/3
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1513
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:inedo_buildmaster:*:*:*:*:*:jenkins:*:*

Версия до 2.4.0 (включая)

EPSS

Процентиль: 21%

0.00068

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-pxv2-mfq7-vhp6

CVSS3: 3.1

github

больше 3 лет назад

Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form