Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05Njc4LTVmNmYtd3AzZs4AAiCL
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system.
Beaker builder Plugin now stores these credentials encrypted.
Permalink: https://github.com/advisories/GHSA-9678-5f6f-wp3fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05Njc4LTVmNmYtd3AzZs4AAiCL
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: 9 months ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-9678-5f6f-wp3f, CVE-2019-10398
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10398
- https://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545
- http://www.openwall.com/lists/oss-security/2019/09/12/2
- https://github.com/jenkinsci/beaker-builder-plugin/commit/be0101f3541a5d2c28cf226c8b2e55cd4cfc94da
- https://github.com/advisories/GHSA-9678-5f6f-wp3f
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.plugins:beaker-builder
Affected Version Ranges: < 1.10Fixed in: 1.10