CVE-2019-1003051Missing Encryption of Sensitive Data in Project Jenkins IRC Plugin

CWE-311Missing Encryption of Sensitive Data4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 76.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
46
Jenkins Project Jenkins IRC PluginJenkins Amazon SNS Build Notifier PluginJenkins Aqua Security Scanner Plugin+43 more
Timeline
PublishedApr 4
Latest updateMay 13

Description

Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages46 packages

🔴Vulnerability Details

2
OSV
Jenkins IRC Plugin stores credentials in plain text2022-05-13
GHSA
Jenkins IRC Plugin stores credentials in plain text2022-05-13

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-032019-04-03