CVE-2019-10461: Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
jenkins	bitbucket_oauth_plugin	—	—
jenkins	deploy_weblogic_plugin	—	—
jenkins	dynatrace_application_monitoring	<= 2.1.3	—
jenkins	dynatrace_application_monitoring_plugin	—	—
jenkins	global_post_script_plugin	—	—
jenkins	ids_in_libvirt_agents_plugin	—	—
jenkins	ids_to_allow_users_configuring_the_plugin	—	—
jenkins	libvirt_agents_plugin	—	—
jenkins	mattermost_notification_plugin	—	—
jenkins	sonar_gerrit_plugin	—	—
jenkins	zulip_plugin	—	—
jenkins_project	jenkins_dynatrace_application_monitoring_plugin	—	—