PT-2019-11842 · Jenkins · Jenkins Extensive Testing Plugin+1

David Fiser

Publicado

2019-10-16

Atualizado

2023-10-25

CVE-2019-10448

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Extensive Testing Plugin (affected versions not specified)

Description The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master. Users with Extended Read permission or access to the master file system can view these credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Storage of Sensitive Information

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312CWE-522

Identificadores relacionados

CVE-2019-10448

GHSA-8X6C-375H-PM4F

Produtos afetados

Jenkins

Jenkins Extensive Testing Plugin

PT-2019-11842 · Jenkins · Jenkins Extensive Testing Plugin+1

CVE-2019-10448

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4