PT-2019-12251 · Cloudbees · Cloudbees Jenkins Operations Center

Binary1985 +1 · Published 2019-04-19 · Updated 2020-08-24 · CVE-2019-11350

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CloudBees Jenkins Operations Center version 2.150.2.3

Description

The issue allows cleartext password storage and retrieval via the proxy configuration page when an expired trial license exists.

Recommendations

For CloudBees Jenkins Operations Center version 2.150.2.3, consider removing or updating the expired trial license to prevent cleartext password storage and retrieval. As a temporary workaround, restrict access to the proxy configuration page to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-11350

Affected Products

Cloudbees Jenkins Operations Center