Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZnB4LWc5aDMtaGg4eM4AAq6V
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text
Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Permalink: https://github.com/advisories/GHSA-3fpx-g9h3-hh8xJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZnB4LWc5aDMtaGg4eM4AAq6V
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 10 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-3fpx-g9h3-hh8x, CVE-2019-10430
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10430
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1504
- http://www.openwall.com/lists/oss-security/2019/09/25/3
- https://github.com/advisories/GHSA-3fpx-g9h3-hh8x
Affected Packages
maven:io.jenkins.plugins:neuvector-vulnerability-scanner
Affected Version Ranges: <= 1.5Fixed in: 1.6