Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNjloLTZjNGctNjN4Zs4AAhfo
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.
Permalink: https://github.com/advisories/GHSA-r69h-6c4g-63xfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjloLTZjNGctNjN4Zs4AAhfo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
CVSS Score: 4.9
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-r69h-6c4g-63xf, CVE-2019-10363
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10363
- https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1458
- http://www.openwall.com/lists/oss-security/2019/07/31/1
- https://github.com/jenkinsci/configuration-as-code-plugin/commit/7506d50b846460ec9f4506f0e228d2e44f0d5a3e
- https://github.com/advisories/GHSA-r69h-6c4g-63xf
Blast Radius: 1.0
Affected Packages
maven:io.jenkins:configuration-as-code
Affected Version Ranges: <= 1.24Fixed in: 1.25