Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02eHc5LXFxOWgtY3I2OM4AAifA

Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials

Jenkins Dynatrace Application Monitoring Plugin prior to 2.1.4 stores credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

##NOTE: This plugin is marked as DEPRECATED

Permalink: https://github.com/advisories/GHSA-6xw9-qq9h-cr68
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eHc5LXFxOWgtY3I2OM4AAifA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-6xw9-qq9h-cr68, CVE-2019-10461
References: Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:dynatrace-dashboard
Affected Version Ranges: < 2.1.4
Fixed in: 2.1.4