CVE-2019-10280

HIGH8.8EPSS 0.07%

Jenkins Assembla Auth Plugin stores credentials in plain text

Published: 5/13/2022Modified: 2/16/2024

Description

Jenkins Assembla Auth Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

Affected packages (1)

Maven/org.jenkins-ci.plugins:assembla-authfrom 0, < 1.13

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10280
WEBhttps://jenkins.io/security/advisory/2019-04-03/#SECURITY-1093
WEBhttp://www.openwall.com/lists/oss-security/2019/04/12/2
WEBhttp://www.securityfocus.com/bid/107790