8.8

CVE-2019-10351

Jenkins Caliper CI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsCaliper Ci SwPlatformjenkins Version <= 2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.63% 0.731
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://www.openwall.com/lists/oss-security/2019/07/11/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/109156
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2019-07-11/#SECURITY-1437
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-836/
Third Party Advisory
VDB Entry