CVE-2019-10420Insufficiently Protected Credentials in Jenkins Assembla

CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 98.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins AssemblaJenkins Project Jenkins Assembla Plugin
Timeline
PublishedSep 25
Latest updateMay 24

Description

Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_assembla_plugin1.4 and earlier

🔴Vulnerability Details

3
OSV
Jenkins Assembla Plugin has Insufficiently Protected Credentials2022-05-24
GHSA
Jenkins Assembla Plugin has Insufficiently Protected Credentials2022-05-24
CVEList
CVE-2019-10420: Jenkins Assembla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with a2019-09-25

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-09-252019-09-25
CVE-2019-10420 — Insufficiently Protected Credentials | cvebase