CVE-2019-10430

CWE-312Cleartext Storage of Sensitive Info5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 98.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Neuvector Vulnerability ScannerJenkins Project Jenkins Neuvector Vulnerability Scanner Plugin
Timeline
PublishedSep 25
Latest updateMay 24

Description

Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

3
GHSA
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text2022-05-24
OSV
Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text2022-05-24
CVEList
CVE-2019-10430: Jenkins NeuVector Vulnerability Scanner Plugin 12019-09-25

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-09-252019-09-25
CVE-2019-10430 (MEDIUM CVSS 5.5) | Jenkins NeuVector Vulnerability Sca | cvebase.io