An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02eHc5LXFxOWgtY3I2OM4AAifA

Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials

Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

##NOTE: This plugin is marked as DEPRECATED

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago

CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-6xw9-qq9h-cr68, CVE-2019-10461
References: Blast Radius: 1.0

Affected Packages

Affected Version Ranges: < 2.1.4
Fixed in: 2.1.4