CVE-2019-10364

CWE-532Log File Information Exposure5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 91.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins EC2Jenkins Project Jenkins Amazon EC2 Plugin
Timeline
PublishedJul 31
Latest updateMay 24

Description

Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of private keys to the Jenkins system log.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_amazon_ec2_plugin1.43 and earlier
NVDjenkins/ec21.43

🔴Vulnerability Details

3
GHSA
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log2022-05-24
OSV
Jenkins Amazon EC2 Plugin leaked beginning of private key in system log2022-05-24
CVEList
CVE-2019-10364: Jenkins Amazon EC2 Plugin 12019-07-31

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-07-312019-07-31
CVE-2019-10364 (MEDIUM CVSS 5.5) | Jenkins Amazon EC2 Plugin 1.43 and | cvebase.io