PT-2019-12251 · Cloudbees · Cloudbees Jenkins Operations Center

Binary1985 +1 · Published 2019-04-19 · Updated 2020-08-24 · CVE-2019-11350

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CloudBees Jenkins Operations Center version 2.150.2.3

Description

The issue allows cleartext password storage and retrieval via the proxy configuration page when an expired trial license exists.

Recommendations

For CloudBees Jenkins Operations Center version 2.150.2.3, consider removing or updating the expired trial license to prevent cleartext password storage and retrieval. As a temporary workaround, restrict access to the proxy configuration page to minimize the risk of exploitation.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2019-11350

Affected Products

Cloudbees Jenkins Operations Center