Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Permalink: https://github.com/advisories/GHSA-r9xc-54cq-99r7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-r9xc-54cq-99r7, CVE-2019-10450
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-10450
- https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1434
- https://github.com/advisories/GHSA-r9xc-54cq-99r7
Affected Packages
maven:com.elasticbox.jenkins-ci.plugins:elasticbox
Affected Version Ranges: <= 5.0.1No known fixed version