PT-2019-11775 · Jenkins · Jenkins Google Cloud Messaging Notification Plugin
David Fiser · Published 2019-08-07 · Updated 2023-10-25 · CVE-2019-10379
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Google Cloud Messaging Notification Plugin version 1.0 and earlier
Description
The plugin stores credentials unencrypted in its global configuration file on the Jenkins master. Users with access to the master file system can view these credentials.
Recommendations
For Jenkins Google Cloud Messaging Notification Plugin version 1.0 and earlier, consider removing or encrypting the stored credentials in the global configuration file to prevent unauthorized access. As a temporary workaround, restrict access to the Jenkins master file system to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins Google Cloud Messaging Notification Plugin