CVE-2019-10283Insufficiently Protected Credentials in Project Jenkins Mabl Plugin

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 77.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Project Jenkins Mabl Plugin
Timeline
PublishedApr 4
Latest updateMay 13

Description

Jenkins mabl Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5jenkins_project/jenkins_mabl_pluginall versions as of 2019-04-03

🔴Vulnerability Details

3
OSV
Jenkins mabl Plugin stores credentials in plain text2022-05-13
GHSA
Jenkins mabl Plugin stores credentials in plain text2022-05-13
CVEList
CVE-2019-10283: Jenkins mabl Plugin stores credentials unencrypted in job config2019-04-04

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-04-032019-04-03
CVE-2019-10283 — Insufficiently Protected Credentials | cvebase