Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01M2p3LTRnd2gtbThjbc4AAiOF

Jenkins LDAP Email Plugin shows plain text password in configuration form

Jenkins LDAP Email Plugin transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Permalink: https://github.com/advisories/GHSA-53jw-4gwh-m8cm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01M2p3LTRnd2gtbThjbc4AAiOF
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago

Identifiers: GHSA-53jw-4gwh-m8cm, CVE-2019-10434
References:

https://nvd.nist.gov/vuln/detail/CVE-2019-10434
https://jenkins.io/security/advisory/2019-10-01/#SECURITY-1515
http://www.openwall.com/lists/oss-security/2019/10/01/2
https://github.com/advisories/GHSA-53jw-4gwh-m8cm

Blast Radius: 0.0

Affected Packages

maven:com.mtvi.plateng.hudson:ldapemail

Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: <= 0.8
No known fixed version
All affected versions: