CVE-2019-10363

CWE-319Cleartext TransmissionCWE-3115 documents5 sources
Severity
4.9MEDIUM
EPSS
0.1%
top 84.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Configuration AS CodeJenkins Project Jenkins Configuration AS Code Plugin
Timeline
PublishedJul 31
Latest updateMay 24

Description

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin2022-05-24
GHSA
Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin2022-05-24
CVEList
CVE-2019-10363: Jenkins Configuration as Code Plugin 12019-07-31

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-312019-07-31
CVE-2019-10363 (MEDIUM CVSS 4.9) | Jenkins Configuration as Code Plugi | cvebase.io