PT-2019-11870 · Jenkins · Jenkins Zulip Plugin+1

Wasin Saengow

Publicado

2019-10-23

Atualizado

2023-10-25

CVE-2019-10476

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins Zulip Plugin versions 1.1.0 and earlier Jenkins Zulip Plugin versions prior to 1.1.1

Description The issue allows stored credentials to be viewed unencrypted in the global configuration file on the Jenkins master. This could be accessed by users with access to the master file system.

Recommendations For Jenkins Zulip Plugin versions 1.1.0 and earlier, update to version 1.1.1 or later to resolve the issue. For Jenkins Zulip Plugin versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2019-10476

GHSA-HFJR-M75M-WMH7

Produtos afetados

Jenkins

Jenkins Zulip Plugin

PT-2019-11870 · Jenkins · Jenkins Zulip Plugin+1

CVE-2019-10476

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8