CVE-2019-10443

CWE-312Cleartext Storage of Sensitive Info5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 70.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins IcescrumJenkins Project Jenkins Icescrum Plugin
Timeline
PublishedOct 16
Latest updateMay 24

Description

Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_icescrum_plugin1.1.4 and earlier
NVDjenkins/icescrum1.1.4

🔴Vulnerability Details

3
GHSA
Jenkins iceScrum Plugin stores credentials in Cleartext2022-05-24
OSV
Jenkins iceScrum Plugin stores credentials in Cleartext2022-05-24
CVEList
CVE-2019-10443: Jenkins iceScrum Plugin 12019-10-16

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-10-162019-10-16
CVE-2019-10443 (HIGH CVSS 8.8) | Jenkins iceScrum Plugin 1.1.4 and e | cvebase.io