CVE-2019-10398

描述

Beaker builder Plugin stored the Beaker password unencrypted on the Jenkins controller. This password could be viewed by users with access to the Jenkins controller file system. Beaker builder Plugin now stores these credentials encrypted.

受影響套件(1)

• Maven/org.jenkins-ci.plugins:beaker-builderfrom 0, < 1.10

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-10398
• WEBhttps://github.com/jenkinsci/beaker-builder-plugin/commit/be0101f3541a5d2c28cf226c8b2e55cd4cfc94da
• WEBhttps://jenkins.io/security/advisory/2019-09-12/#SECURITY-1545
• WEBhttp://www.openwall.com/lists/oss-security/2019/09/12/2