Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13bXEzLTI0am0tbTh4aM33LA
Jenkins Assembla Auth Plugin stores credentials in plain text
Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Permalink: https://github.com/advisories/GHSA-wmq3-24jm-m8xhJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bXEzLTI0am0tbTh4aM33LA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-wmq3-24jm-m8xh, CVE-2019-10280
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10280
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093
- http://www.openwall.com/lists/oss-security/2019/04/12/2
- http://www.securityfocus.com/bid/107790
- https://github.com/advisories/GHSA-wmq3-24jm-m8xh
Affected Packages
maven:org.jenkins-ci.plugins:assembla-auth
Affected Version Ranges: <= 1.11Fixed in: 1.13