CVE-2019-10407 — Sensitive Information Exposure in Jenkins Project Inheritance

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Inheritance Jenkins Project Inheritance Plugin

Timeline

PublishedSep 25

Latest updateMay 24

Description

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_project_inheritance_plugin2.0.0 and earlier

▶NVDjenkins/project_inheritance2.0.0

🔴Vulnerability Details

OSV

Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin↗2022-05-24

▶

GHSA

Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin↗2022-05-24

▶

CVEList

CVE-2019-10407: Jenkins Project Inheritance Plugin 2↗2019-09-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-09-25↗2019-09-25

▶