PT-2019-11785 · IBM · Jenkins IBM Application Security on Cloud Plugin

James Holderness · Published 2019-08-28 · Updated 2023-10-25 · CVE-2019-10391

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins IBM Application Security on Cloud Plugin versions 1.2.4 and earlier

Description: The plugin transmits configured passwords in plain text as part of job configuration forms, potentially resulting in their exposure. The plugin has been deprecated.

Recommendations: For Jenkins IBM Application Security on Cloud Plugin versions 1.2.4 and earlier, consider disabling the plugin until a fix is available or an alternative solution is implemented. Restrict access to job configuration forms to minimize the risk of password exposure.

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2019-10391
GHSA-65RJ-CGRP-G65W

Affected Products

Jenkins
Jenkins IBM Application Security on Cloud Plugin