CVE-2019-10291

CWE-522 — Insufficiently Protected Credentials5 documents5 sources

Severity

8.8HIGH

EPSS

0.1%

top 77.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Netsparker Cloud Scan Jenkins Project Jenkins Netsparker Cloud Scan Plugin

Timeline

PublishedApr 4

Latest updateMay 13

Description

Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:netsparker-cloud-scan< 1.1.6

▶CVEListV5jenkins_project/jenkins_netsparker_cloud_scan_plugin1.1.5 and older

▶NVDjenkins/netsparker_cloud_scan1.1.5

🔴Vulnerability Details

GHSA

Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text↗2022-05-13

▶

OSV

Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text↗2022-05-13

▶

CVEList

CVE-2019-10291: Jenkins Netsparker Cloud Scan Plugin 1↗2019-04-04

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-04-03↗2019-04-03

▶