CVE-2019-10398

LOW3.3EPSS 0.01%

Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials

Published: 5/24/2022Modified: 2/16/2024

Description

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted.

Affected packages (1)

Maven/org.jenkins-ci.plugins:beaker-builderfrom 0, < 1.10

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	LOW3.3	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10398
WEBhttps://github.com/jenkinsci/beaker-builder-plugin/commit/be0101f3541a5d2c28cf226c8b2e55cd4cfc94da
WEBhttps://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545
WEBhttp://www.openwall.com/lists/oss-security/2019/09/12/2