CVE-2019-16568

Опубликовано: 17 дек. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously configured service credentials in plain text as part of the global configuration, as well as individual jobs' configurations.

Ссылки

http://www.openwall.com/lists/oss-security/2019/12/17/1
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1521
Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/12/17/1
Mailing List
Third Party Advisory
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1521
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:sctmexecutor:*:*:*:*:*:jenkins:*:*

Версия до 2.2 (включая)

EPSS

Процентиль: 7%

0.00027

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-rxph-cq38-gm3g