8.8

CVE-2019-10350

Jenkins Port Allocator Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsPort Allocator SwPlatformjenkins Version <= 1.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.67% 0.737
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://www.openwall.com/lists/oss-security/2019/07/11/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/109156
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1441
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-838/
Third Party Advisory
VDB Entry