CVE-2019-1010241

Severity: 6.5 MEDIUM
EPSS: 0.2% (top 53.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 19; latest update May 24

Description

Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-257: Storing Passwords in a Recoverable Format. The impact is: Authenticated users can recover credentials. The component is: config-variables.jelly line #30 (passwordVariable). The attack vector is: Attacker creates and executes a Jenkins job.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA: Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format (2022-05-24)
OSV: Jenkins Credentials Binding Plugin Stores Passwords in a Recoverable Format (2022-05-24)
CVEList: CVE-2019-1010241: Jenkins Credentials Binding Plugin Jenkins 1 (2019-07-19)

📋 Vendor Advisories (1)

Red Hat: jenkins-plugin-credentials-binding: storing passwords in recoverable format leading to authenticated users being able to recover credentials (2019-07-23)

💬 Community (1)

Bugzilla: CVE-2019-1010241 jenkins-plugin-credentials-binding: storing passwords in recoverable format leading to authenticated users being able to recover credentials (2019-07-23)