CVE-2019-10361

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 95.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins M2releaseJenkins Project Jenkins Maven Release Plugin
Timeline
PublishedJul 31
Latest updateMay 24

Description

Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials unencrypted on the Jenkins master where they could be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_maven_release_plugin0.14.0 and earlier
NVDjenkins/m2release0.14.0

🔴Vulnerability Details

3
OSV
Jenkins Maven Release Plug-in Plugin stored credentials in plain text2022-05-24
GHSA
Jenkins Maven Release Plug-in Plugin stored credentials in plain text2022-05-24
CVEList
CVE-2019-10361: Jenkins Maven Release Plugin 02019-07-31

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-312019-07-31
CVE-2019-10361 (MEDIUM CVSS 5.5) | Jenkins Maven Release Plugin 0.14.0 | cvebase.io