CVE-2019-10460

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10460

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10460.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-10460

Aliases

GHSA-84h6-jf8x-ff2j

Published

2019-10-23T13:15:10Z

Modified

2024-09-03T02:22:20.278097Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.

References

Affected packages

Git / github.com/jenkinsci/bitbucket-oauth-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/bitbucket-oauth-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

971e41329787331deee113354bc98d95456a0960

Affected versions

bitbucket-oauth-0.*

bitbucket-oauth-0.1

bitbucket-oauth-0.2

bitbucket-oauth-0.3

bitbucket-oauth-0.4

bitbucket-oauth-0.5

bitbucket-oauth-0.6

bitbucket-oauth-0.7

bitbucket-oauth-0.8

bitbucket-oauth-0.9