CVE-2019-11350

Опубликовано: 19 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.

Ссылки

https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure
https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure
Third Party Advisory
https://release-notes.cloudbees.com/release/21/8.18
https://github.com/binary1985/VulnerabilityDisclosure/blob/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure
https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/CloudBees%20Jenkins%20Operations%20Center%20Password%20Disclosure
Third Party Advisory
https://release-notes.cloudbees.com/release/21/8.18

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudbees:jenkins_operations_center:2.150.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00358

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-2jg6-pwh4-2g37