PT-2019-11837 · Jenkins · Jenkins Icescrum Plugin+1
David Fiser · Published 2019-10-16 · Updated 2023-10-25 · CVE-2019-10443
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Jenkins iceScrum Plugin version 1.1.4 and earlier
Description
The plugin stores credentials unencrypted in job config.xml files on the Jenkins master. These credentials could be viewed by users with Extended Read permission or access to the master file system.
Recommendations
For Jenkins iceScrum Plugin version 1.1.4 and earlier, update to a version later than 1.1.4 to ensure credentials are properly encrypted.
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Icescrum Plugin