CVE Vulnerabilities

CVE-2019-10414

Insufficiently Protected Credentials

Published: Sep 25, 2019 | Modified: Oct 25, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Git_changelog Jenkins * 2.17 (including)

Potential Mitigations

References