CVE-2019-10430

Опубликовано: 25 сент. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Ссылки

http://www.openwall.com/lists/oss-security/2019/09/25/3
Mailing List
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/09/25/3
Mailing List
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:neuvector_vulnerability_scanner:*:*:*:*:*:jenkins:*:*

Версия до 1.5 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-312

Связанные уязвимости

GHSA-3fpx-g9h3-hh8x